What do we mean when we refer to "multi-layer" security? Why are we sure it's the right way to approach cybersecurity? At first, it may sound too simple, like a naïve "more is better" approach that says two copies of antivirus software on an endpoint are better than one.
Second, it definitely sounds like something security vendors thought up: "We sell eleven types of security solution, and you should buy all of them because, um, multi-layer security!" But even if it’s occasionally misused or overused, multi-layer security has a legitimate core meaning —and a significant role in protecting corporate and small business internet security. The facts are, today’s Web environment encourages and rewards blended attacks, a.k.a "multi-prong" threats, against financial targets. And only coordinated defenses that work across multiple protocols and applications have any chance of stopping them.
Let’s see what’s behind blended attacks, how they work, and how you can stop them without earning a Ph.D. in Computer Science or breaking your company’s budget.
Multi-layer corporate and small business internet security makes sense in the cloud, because the costs of infrastructure, bandwidth, and expertise can be shared across clients—and so can the information needed to correlate and block blended attacks.
Why cybercriminals target businesses and financial institutions
Malware has followed the evolution of computing since the days of prank programs on mainframes and boot-sector viruses on "sneakernet" floppies. So in today’s universal high-speed online marketplace, it’s no surprise that criminals are designing sophisticated exploits aimed at businesses and financial targets. Five main factors are at work:
More connections—higher-bandwidth connections, new devices, and geographic expansion bring more traffic; some of it from regions with hit-or-miss enforcement.
More web applications—browser-based applications are easy to develop and use. But there’s a downside: 60% of Internet attacks target vulnerabilities in Web applications.
More money in more places—remember when very few people shopped or banked online? Financial targets—especially at financial-services firms or payment-card companies—are now too tempting for online thieves to pass up.
Social networking—it’s not a bank manager in Burkina Faso trying to get your attention—it’s your high school BFF with a link you have to see. Except it’s really a thief attacking your employer with some help from your Facebook page.
Consumerization—personal IP-enabled devices like smartphones and applications like Twitter open communications channels your company can’t secure, carrying threats they can’t ignore.
Well-funded professional criminals operating worldwide, planning, researching, organizing, and automating attacks on individual companies—the Web environment offers plenty of support for blended attacks; now let’s see how they work.
Anatomy of a cyber attack
Criminals are pragmatists—they use what works. To get their malicious software installed and persistent on business computers, they’ll mix and match adware, spyware, keyloggers, viruses, rootkits, information "scraped" from social networks, and more. Here’s just one example:
Step 1– An aggregator "scrapes" and correlates information on social networks (Facebook, LinkedIn) to find employees at the target company who have Facebook accounts.
Step 2– A "spear-phishing" email disguised as a Facebook "security update" includes a link to a fake login page. Login attempts disclose employees’ Facebook credentials – but they’re not the final target.
Step 3– A pop-up on the fake site installs a Trojan/keylogger designed to steal passwords and financial information.
Step 4– Trojans and loggers harvest and forward financial information for the thieves to use or resell.
The exploit works in part because 30% of U.S. employees log into social networks from work, on their employers’ computers or their own smartphones—and it only takes one.
The need for multilevel corporate and small business internet security protection
You can’t block blended attacks by blocking every channel attackers might use without sealing off your business from the outside world. And solutions that monitor and block malware on single channels are only partially effective, because:
Only about half of malicious code even has a signature for standard A/V to catch
Heuristics used to back up A/V bog down processors and create false alarms
Up to 90% email is spam: higher security means slower gateway servers
Standard protection doesn’t stop socially-engineered site visits or downloads
With blended attacks, protection comes from correlation and analysis: this email appeal links to that fake website on that botnet, and so on—taking into account the code’s origin, history, structure, behavior, vector, target, and more. It’s a challenge for global multinationals and even governments to maintain multi-layered security defenses like these, and for a small or midsize business, it’s economically impossible.
Advantages of a layered security strategy
Layered security strategies are reactions to today's cyber threat landscape. Rather than simply waiting for attacks to hit endpoints, layered security takes a holistic view of cyber defense, accounting for the multitude of vectors by which modern malware is delivered and recognizing the importance of network and end user-level security.
Advantages to this strategy include:
- A strategy for guarding against ascendent polymorphic malware
- Protection from attack via email attachment, files, adware, links, apps, and more
- DNS-level security to defend against threats originating at the network level
- End-user education programs to address the source of 93 percent of all data breaches- user error
How cloud-based solutions make multi-layered security accessible to all businesses
The advent of cloud computing turned the economics on its head. SaaS routes all of a business’s inbound and outbound email and web traffic through a provider’s network of high-performance data centers. The provider scans, tests, and then blocks, quarantines, or forwards the traffic using infrastructure, skills, and processes few businesses could afford on their own, all outside its clients’ business networks.
Multi-layer corporate and small business internet security makes sense in the cloud, because the costs of infrastructure, bandwidth, and expertise can be shared across clients. The same goes for the information needed to correlate and block blended attacks. Collective security, a model whereby security advancements can instantaneously be made to benefit all users, is only possible because of the cloud.
It's essential to find a SaaS provider who offers the transparency to let you evaluate your protection, and the accountability to stand behind their promises and claims. Of course, we recommend Webroot—an industry pioneer in business-grade SaaS solutions that integrate layered corporate and small business internet security, data protection, data management, and policy management in the cloud. Webroot products come with the industry’s best customer support, and we guarantee their performance and availability.