Rethinking Security in 2014: Compliance and Regulation Audits
As we all are probably aware, if security was not at the top of your priority list in 2013, it certainly will be in 2014. In just 12 months time, security in the tech world as we have known it, has been completely turned around. The NSA has proven that privacy is not implied, and new threats such as CryptoLocker have proven that zero day threats can not only result in data leakage, but also can be downright destructive.
Many of the businesses impacted by these threats were under the impression that their security measures were fortified and airtight. However, these new threats have all but guaranteed that the security measures of old (yes, old is a year ago in many cases) are not necessarily effective enough to protect against the sophisticated threats of today.
Techniques such as social engineering and other non-technical methodologies allow hackers to “break in” without the need to compromise a technical weakness. Once the hacker is in, an internal user’s computer can easily be compromised. This means that many threats and breaches are occurring from inside, on the trusted network. The result is, that malicious activity is occurring outside of the view of many firewall and IDS/IPS technologies in place today, as these technologies are only looking at the perimeter in most cases. In addition, once inside the more sophisticated malware of today uses common trusted protocols such as DNS and SMB to communicate and mask themselves from threat detection systems.
The next generation of security methodologies will require new concepts from the inside and out to protect valuable technology assets. Comm Solutions has a proven record of helping organizations evaluate, plan, design and deploy multi-faceted security solutions that protect networks from modern external and internal threats. Below are some of the most common models, services and concepts that have been successfully planned and enacted by many organizations with the help of Comm Solutions.
- Penetration Testing and security assessments
- Zero trust security model
- Next Generation Firewall
- Microvisor endpoint security
- Cloud security services
- Strong and multi-factor authentication
- Encryption, certificate and key management