Understanding the Cybersecurity Stack

  • Writer: James
  • Dec 1, 2025

Updated: Dec 9, 2025

What Is a Cybersecurity Stack?


The term "cybersecurity stack" refers to the layers of different technologies that businesses and individuals use to protect themselves. Each layer in the cybersecurity stack serves a unique purpose.


First, some layers are designed to stop specific threats. For instance, an email filter may not detect malicious communication from a workstation, but a DNS filter would.


Second, having multiple cybersecurity layers provides fault tolerance. If one layer is disabled during a cyberattack, another can step in. Some malware is designed to shut down antivirus software as its first step. A different layer could alert you to this or prevent the malware from communicating further, thus stopping the attack.


Finally, you can select cybersecurity layers based on the risks associated with your assets. For example, an Internet-connected coffee machine does not need the same level of protection as your critical servers, but it should be kept separate from the rest of the network.


Cybersecurity Stack Best Practices


We have briefly touched on some of the solutions that comprise the security stack. I want to help educate you further on them. Secure Point Solutions uses the best practices that industry leaders have worked hard to develop. Software and hardware are not just thrown together without due diligence. Many solutions can integrate into your existing IT provider’s stack of products.


Cyber Threat Intelligence


One of the best ways to stop cyber threats is to know they are coming. This minimizes your exposure. Near real-time information about which groups are actively attacking, and which Indicators of Compromise have been found, allows your other layers to be tuned to better detect and defeat these threats. A strong vulnerability management program can help minimize the avenues a cyber attacker can use to compromise your systems.


E-Mail Filtering


Attachments and links pose significant risks to users and organizations. Filtering solutions can safely check these before passing them along to the end user. Information derived from the attachments and links deemed malicious feeds back into the Cyber Threat Intelligence layer.


Firewall


Usually, the firewall is your first line of defense for your business’s physical location. It sits between your internal systems and the Internet, monitoring and alerting you to traffic that may be malicious. For companies with internal applications and services, the firewall may also provide secure connections (using VPN) for remote work or when multiple offices need to share data. Additionally, it can filter Internet content that runs counter to your HR policies.


DNS Filtering


Malware often communicates back to a command and control server for additional payloads or for an adversary to control an infected machine. When malicious domains are blocked, the malware has no way to continue the attack. It simply sits until removed. Furthermore, this cybersecurity layer can also help filter content, similar to the Firewall.
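
A sketch of the DNS filtering decision described above, added here as an illustration and not taken from any product mentioned in this post. The blocklist, client addresses and resolver log are constructed sample data using reserved .example names; the blocklist stands in for what the Cyber Threat Intelligence layer would supply.

```python
# Added illustration: a minimal DNS filtering decision over constructed data.
from collections import Counter

# Constructed blocklist, as it might arrive from a threat-intelligence feed.
# The .example domains are reserved placeholders, not real indicators.
BLOCKLIST = {"c2.badcorp.example", "malware-drop.example"}

# Constructed resolver log: "<client-ip> <queried-name>".
QUERY_LOG = """\
10.0.10.21 www.vendor.example
10.0.10.37 c2.badcorp.example
10.0.10.37 stage2.C2.BadCorp.example.
10.0.20.5 updates.vendor.example
10.0.10.37 notmalware-drop.example
10.0.30.9 cdn.malware-drop.example
"""

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()

def is_blocked(name, blocklist=BLOCKLIST):
    """Block a name if it, or any parent domain, is on the blocklist.

    Matching walks whole labels, so 'notmalware-drop.example' is not
    treated as a subdomain of 'malware-drop.example'.
    """
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def filter_queries(log_text):
    """Return allowed and blocked (client, name) lists plus per-client block counts."""
    allowed, blocked = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, name = line.split()
        (blocked if is_blocked(name) else allowed).append((client, normalize(name)))
    return allowed, blocked, Counter(client for client, _ in blocked)

if __name__ == "__main__":
    allowed, blocked, per_client = filter_queries(QUERY_LOG)
    for client, hits in per_client.most_common():
        print(f"ALERT {client}: {hits} blocked lookups, investigate this host")
```

The per-client count is what turns a silent block into a lead: a workstation that keeps asking for a blocked domain is the one to pull for cleanup.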


Segmentation


Unfortunately, cyber attacks can be successful at times. It’s important to minimize the “blast radius” to lessen the damage by potentially sacrificing one or a few non-critical computers. Segmentation can include separating workstations and servers by placing them on different networks with limited access between them or using credentials exclusive to servers. Keeping the coffee machine separate from your systems is definitely a first step.


Endpoint Protection and Prevention


Anti-virus has been around since viruses first appeared. Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) are newer solutions that analyze threats differently from traditional anti-virus. Ideally, anti-virus and EDR/MDR should be used together. Anti-virus stops malware from attacking an endpoint, while EDR/MDR provides information to stop a cyber attack and investigate what happened before and after an attack.


Device Hygiene


Installing potentially dangerous applications is often an issue for small businesses. Users can freely add apps without determining their reputation or what they will access. This is a serious concern that needs addressing.


User Training


Creating a user-focused security program starts with education. It’s not just about sitting employees down for an hour to watch the same video as last year. In-person or webinar-style training is crucial. Employees need to understand not just how to protect their devices and data, but also why it’s important to do so.


Business Continuity and Disaster Recovery


This cyber layer can mean the difference between recovery and closure for a business. Business Continuity and Disaster Recovery is not just about having a backup of your data. It’s about having a plan for where your employees can work and testing to ensure the plan works. Many businesses learned hard lessons from COVID but never experienced the loss of their infrastructure.


Secure Point Solutions Has Your Cybersecurity Stack in Mind


Your cybersecurity stack is crucial to the protection of your data and keeping your business operational. No single layer can provide adequate risk mitigation, nor can a business defend against cyber attacks with missing layers.


What does your cybersecurity stack look like? Are you missing some of our best practices? I would be happy to talk with you about your cybersecurity needs. Schedule a consultation today by emailing james@secureps.net or calling 515-344-3008.

