The word perimeter, in military terms, defines a fortified boundary that protects a troop position. If we apply that definition to your network, the perimeter is protecting your users, workstations, and servers, and it is important to fortify that perimeter against a variety of attacks. Because the perimeter is a major entry point for cybercriminals, it's vital to understand the security technology for the perimeter that is available today, as well as what to be on the lookout for. Here are some of the things you need to know about establishing a strong perimeter around your network in order to keep it safe.
Identify the issues. What are you defending yourself against?
You should be looking out for a variety of attacks that can come from different angles.
Email Communications
Email is essential to any modern organization, and it is also the most common delivery mechanism for spam and malware. A message can arrive in your inbox with an attachment carrying a malicious payload or a link to a compromised website. If a system on your network is compromised and starts sending spam, your public IP address can end up on a blocklist, and other organizations' mail servers will then reject any email coming from your domain. Phishing uses emails crafted to trick a user into divulging credentials or other sensitive information that can later be used against them or sold to someone else.
Remember, too, that email leaving the network can contain sensitive information; if it is not encrypted in transit, anyone positioned between the two mail servers can read it.
The Web
Organizations need to browse the Web to gather information, perform research, and conduct business. A site a user visits may be inappropriate for the workplace, or it may serve malicious code without either the user or the site's operator knowing it. Look-alike sites that imitate legitimate ones, and malicious advertisements served through otherwise legitimate ad networks (malvertising), are created every day; their sole purpose is to compromise the visiting machine or trick the user into entering credentials or other critical information.
One visit to a compromised website from a machine with inadequate protection is all it takes to infect that system and, in turn, the rest of your network.
Endpoints
Attackers continuously scan the Internet looking for exposed services (open ports, remote-access and management interfaces) that give them a foothold into a network. Once they find a target, they attack it with tools such as botnets of compromised machines ("zombies") that can deny you access to the Internet, crash your network, or steal information. For instance, malware on a compromised workstation can capture the password a user types into a banking website and send it to someone who sells or uses stolen credentials. It can just as easily capture a social security number, date of birth, and similar details. With that data, the attacker can drain existing accounts or open new ones in the victim's name, and then "go shopping" on your dime.
Find the solution. What can be done to limit your exposure?
Identify and stop malicious or compromised traffic before it enters the network; stop it at the perimeter. Security software on the endpoints alone is no longer enough, because once malicious traffic is inside the network it is often too late to prevent infection or loss of data. (Perimeter inspection complements endpoint protection rather than replacing it, and traffic that is encrypted end to end can only be inspected if the perimeter device terminates the TLS session.) Effective prevention means replacing an outdated port-and-address firewall with a robust next-generation threat management engine that inspects the content of all traffic entering and leaving the network. That inspection identifies malware, spam, phishing, and other hostile content using signature matching, behavioral analysis, and reputation or blocklist services.
Protect email through several mechanisms. First, check all incoming and outgoing email for spam, malware, and phishing attempts. Where possible, accept inbound mail only from sources the sending domain has authorized, and allow outbound mail to leave only from your own mail gateway (block outbound SMTP from every other host at the perimeter); this greatly reduces the chance that a single compromised machine damages your network's email reputation. Second, provide a tool for encrypting email (TLS between mail servers, and S/MIME or PGP for message content) so that information cannot be intercepted and read in transit. This lets users exchange information more freely while also meeting a host of compliance standards.
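One concrete way for a mail gateway to accept inbound mail "only from approved sources" is to check the connecting server against the SPF record the sending domain publishes in DNS. The following is an added example, not code from the original article or from any product it describes; the SPF records and client addresses are constructed, a real gateway would fetch the TXT record over DNS, and only the ip4, ip6 and all mechanisms are implemented (include, a and mx need further lookups and are left out):

```python
"""Added example: accept inbound mail only from servers the sending domain has
authorized, by evaluating a (constructed) SPF record against the client IP."""
import ipaddress

# Constructed SPF records standing in for DNS TXT lookups of "v=spf1 ..." records.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "example.org": "v=spf1 ip4:198.51.100.5 ~all",
}

# SPF qualifier prefix -> result when the mechanism matches.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, client_ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF record for client_ip.

    Returns "pass", "fail", "softfail" or "neutral". Mechanisms are checked in
    order; the first one that matches decides the result, as in RFC 7208.
    """
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a prefix means "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIER_RESULT[qualifier]
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIER_RESULT[qualifier]
        # include/a/mx/ptr/exists need DNS lookups and are not handled here.
    return "neutral"


def gateway_decision(mail_from_domain, client_ip, records=SPF_RECORDS):
    """Decide what the perimeter mail gateway does with a connection that
    claims to send mail for mail_from_domain from client_ip."""
    record = records.get(mail_from_domain)
    if record is None:
        return "accept"  # domain publishes no policy; other filters must decide
    result = evaluate_spf(record, client_ip)
    if result == "pass":
        return "accept"
    if result == "fail":
        return "reject"  # the domain explicitly disowns this sender
    return "accept-and-flag"  # softfail/neutral: deliver, but mark as suspicious


if __name__ == "__main__":
    for domain, ip in [("example.com", "192.0.2.10"),
                       ("example.com", "203.0.113.5"),
                       ("example.org", "10.1.1.1")]:
        print(domain, ip, "->", gateway_decision(domain, ip))
```

The gateway rejects only a hard fail; a softfail or neutral result is delivered but flagged, because many legitimate domains publish "~all" and rejecting on it would bounce real mail.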
Be safer on the Web. Web protection is paramount, because websites and Web traffic are among the biggest targets and sources of malware on the Internet. The next-generation threat management engine must inspect traffic and check a site's reputation in real time, so that it can block the download of malicious code or block a visit to a blocklisted site altogether. Blocking access by site category is an easy way to reduce chance visits to malicious sites. Here prevention is truly better than the cure: keeping users away from compromised or malicious sites is far more effective than cleaning up the mess that results otherwise.
Recognize and block threats. Straightforward network attacks typically begin after your public IP address has been scanned and open ports have been picked out for targeted attacks. Look for a perimeter device that not only detects a port scan while it is happening but also makes your network "semi-undetectable": it silently drops packets to closed ports instead of answering them, and it exposes only the services that genuinely need to be reachable. This is all about reducing your visibility and attack surface so that attackers have fewer angles from which to work. If an attack does occur (e.g. DoS, DDoS), the traffic needs to be recognized quickly for what it is and stopped. And if a machine inside your network does become compromised, the perimeter device must also analyze the traffic leaving the network and verify that it is not communicating with a known malicious Internet destination, such as a botnet command-and-control server on a threat-intelligence blocklist.
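The two detections just described, a port scan against the public address and an internal host calling out to a known-bad destination, can be illustrated on firewall logs. The following is an added example written for this article, not code from the original page or from any vendor's product; the log format, addresses, internal range and blocklist are all constructed for the example, and the scan threshold and time window are assumed values that would be tuned in practice:

```python
"""Added example: port-scan and malicious-egress detection over constructed
firewall log lines of the form "timestamp action src dst dst_port"."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed log. 198.51.100.10 is our public address; 10.0.0.0/8 is inside.
SAMPLE_LOG = """\
2015-10-22T08:00:01 DROP 203.0.113.9 198.51.100.10 21
2015-10-22T08:00:01 DROP 203.0.113.9 198.51.100.10 22
2015-10-22T08:00:02 DROP 203.0.113.9 198.51.100.10 23
2015-10-22T08:00:02 DROP 203.0.113.9 198.51.100.10 25
2015-10-22T08:00:03 DROP 203.0.113.9 198.51.100.10 80
2015-10-22T08:00:03 DROP 203.0.113.9 198.51.100.10 110
2015-10-22T08:00:04 DROP 203.0.113.9 198.51.100.10 143
2015-10-22T08:00:04 DROP 203.0.113.9 198.51.100.10 443
2015-10-22T08:00:05 DROP 203.0.113.9 198.51.100.10 3389
2015-10-22T08:00:05 DROP 203.0.113.9 198.51.100.10 8080
2015-10-22T08:01:10 ACCEPT 192.0.2.44 198.51.100.10 443
2015-10-22T08:01:11 ACCEPT 192.0.2.44 198.51.100.10 80
2015-10-22T08:05:00 ACCEPT 10.0.0.15 198.51.100.77 443
2015-10-22T08:05:30 ACCEPT 10.0.0.23 192.0.2.200 8443
2015-10-22T08:06:00 ACCEPT 10.0.0.15 203.0.113.77 443
"""

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
# Constructed blocklist standing in for a threat-intelligence feed of C2 hosts.
BLOCKLIST = {"192.0.2.200", "203.0.113.77"}


def parse_log(text):
    """Parse the simplified log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, src, dst, port = line.split()
        events.append({"time": datetime.fromisoformat(ts), "action": action,
                       "src": src, "dst": dst, "port": int(port)})
    return events


def detect_port_scans(events, threshold=8, window=timedelta(seconds=60)):
    """Return {source_ip: set_of_ports} for every source that touched at least
    `threshold` distinct destination ports within any `window`-long period.

    A scanner walks many ports in seconds; a normal client uses one or two.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    scanners = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        for i, ev in enumerate(evs):
            # Distinct ports seen in the window that ends at this event.
            start = ev["time"] - window
            ports = {e["port"] for e in evs[: i + 1] if e["time"] >= start}
            if len(ports) >= threshold:
                scanners.setdefault(src, set()).update(ports)
    return scanners


def detect_bad_egress(events, internal_net=INTERNAL_NET, blocklist=BLOCKLIST):
    """Return outbound events from an internal host to a blocklisted address."""
    hits = []
    for ev in events:
        src_inside = ipaddress.ip_address(ev["src"]) in internal_net
        dst_inside = ipaddress.ip_address(ev["dst"]) in internal_net
        if src_inside and not dst_inside and ev["dst"] in blocklist:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for src, ports in detect_port_scans(events).items():
        print(f"port scan from {src}: {len(ports)} ports {sorted(ports)}")
    for ev in detect_bad_egress(events):
        print(f"egress to blocklisted host: {ev['src']} -> {ev['dst']}:{ev['port']}")
```

Note that the scan is visible even though every probe was dropped: detection works on the attempts, which is why a device that logs drops silently (rather than answering with resets or ICMP unreachables) can both hide the network and still raise the alarm. The egress check is the second half of the story; a blocklist lookup on outbound connections is what catches a machine that is already compromised.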
Why should you have a next-generation firewall?
Cybercriminals see the perimeter as an easy entry point. Newer-generation perimeter devices make their job harder. Whether identifying active malware in your environment or blocking threats before they arrive, these threat-management engines perform. Complement the technology with the knowledge of security experts, and you have taken a significant step toward defending your network.
Originally published on 10/22/2015
Topic: Firewalls & Network Security