In an industry where SASE and Zero Trust—plus at least a dozen other acronyms and buzzwords—are the talk of the town, the term ‘Internet security’ seems almost antiquated.
But don’t be fooled. Internet security has never been more critical.
So what exactly does it entail and why is it so crucial for your organisation?
Internet security is a discipline aiming to protect organisations from cyber threats that travel via the Internet. Precise definitions vary, but typically the field includes systems, controls and solutions designed to protect against threats that arise when a user or device interacts with a website, web application, or email that is malicious or has been compromised by a malicious actor.
Why is this important? The Internet is an inherently insecure channel for data exchange.
Think about it like this. Within an offline network, you can ensure that all users, devices and data present are legitimate, permitted and uncompromised. If you can guarantee this, and thoroughly vet every new entrant to the network against the same criteria, you should have a secure environment.
This is not how modern business networks work.
Instead, users and devices constantly communicate with sources outside the network perimeter via the Internet. These sources can’t be vetted in the same way as internal sources. There’s no way of knowing whether an individual, resource, or device outside the corporate network is legitimate, well-meaning and/or uncompromised.
To ensure your organisation is protected against threats travelling via the Internet, you must have systems and controls that identify malicious connections, traffic and content before they can harm your assets, data, or users.
What Threats Does Internet Security Aim to Prevent?
Internet security controls are designed to protect against threats from external sources such as malicious websites, emails and web applications. Some of the most common threats include:
- Malware. Malicious and compromised websites are among the most common sources of malicious software, including widely reported threats such as ransomware. If malware is allowed to infect a device or system, it can quickly cause damage, steal or encrypt data, steal login credentials, limit functionality, or take control of the asset.
- Credential theft. One of the simplest ways to compromise a business network is by using legitimate user credentials. These can be stolen in several ways, most commonly using a combination of spoofed emails, typosquatting and lookalike websites to trick users into thinking they are logging into a legitimate system or application.
- Phishing. Phishing uses malicious emails to transmit a wide range of threats, from malware payloads and malicious links to pure social engineering attacks designed to trick users into compromising themselves, their accounts and/or the organisation. The most common motives for phishing include transmitting malware (often ransomware), stealing user credentials and manipulating payment staff into making fraudulent financial transactions.
- Browser exploits. A malicious or compromised website can run scripts automatically within a user’s web browser. These scripts are designed to exploit unpatched browser vulnerabilities for various malicious purposes.
Internet Security is More Important Than Ever
In the past, the data centre was the heart of a business network. Most applications were hosted on-site at major branches, and satellite branches connected to the data centre using traditional hub-and-spoke network architectures.
When a device communicated with an external source via the Internet, that connection was still routed back via the data centre. This is important because organisations could implement security controls within the data centre to monitor traffic in and out of the network and attempt to identify and block malicious connections and content.
This is called a ‘perimeter defence’ strategy, in which an organisation enforces security controls exclusively when the corporate network interacts with the Internet and the data centre.
However, this isn’t how business networks work in 2022.
In recent years, two major shifts have occurred that have disrupted traditional networking and security paradigms:
- Most business applications are now hosted outside the network perimeter in the cloud.
- Users are more distributed than ever, regularly connecting to corporate networks and cloud resources from home (or their local coffee shops).
These shifts have created a series of headaches for IT and security teams worldwide: ensuring the security of geographically distributed devices while maintaining network performance.
Essential Constituents of Internet Security
Internet security solutions must achieve three essential objectives:
- Protect business users and assets from threats via the Internet.
- Protect sensitive business data, whether inside the network perimeter or in the cloud.
- Optimise web performance to ensure users’ access to data and systems isn’t hindered by slow connections, regardless of location.
Achieving these objectives is no mean feat. Typically, it involves a strategy that combines modern security and network management solutions to deliver the following essential capabilities:
- SSL inspection—intercepting and inspecting all SSL-encrypted traffic to identify and block suspicious or malicious content before it reaches its destination.
- Intrusion Prevention Systems (IPS)—IPS tools monitor network traffic for known threats such as malicious web content, browser exploits, scripts, malware and bot attacks and block them at the source.
- Cloud Sandboxes—these tools analyse unknown files for malicious behaviour before allowing them to be run on a live device or system. This focus on behaviour is critical because malware variants constantly evolve and can’t always be detected using signature-based approaches.
- DNS security—malware variants often try to communicate with external infrastructure known as Command and Control (C2) servers. A DNS security solution flags suspicious C2 connections for full content inspection to determine whether they are malicious.
- DNS filtering—blocking DNS requests originating from known malicious sources.
- Cloud Firewalls—similar to traditional firewalls, these tools detect and block malicious traffic. Cloud firewalls are delivered as a service and form a virtual barrier around cloud applications, platforms, containers and other infrastructure.
- URL Filtering—automatically blocking or limiting access to websites and other Internet-connected resources because they are known to be malicious or otherwise undesirable for business use.
- Bandwidth Control—enforcing bandwidth policies across the organisation’s environment and prioritising business-critical applications over recreational traffic.
- Cloud Data Loss Prevention (DLP)—providing scalable visibility and protection for sensitive business data in the cloud. This is typically delivered by a Cloud Access Security Broker (CASB) solution.
- Cloud Security Posture Management (CSPM)—identifying misconfiguration issues and compliance risks in the cloud by continuously monitoring cloud infrastructure.
- Cloud Browser Isolation—minimising exposure to malicious website content and browser exploits by abstracting browsing activity away from end-user devices.
- Email Security—identifying and blocking email-based threats such as spam, malware, malicious links and social engineering content.
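The DNS and URL filtering capabilities above, combined with the typosquatting and lookalike-domain tactic described under credential theft, can be demonstrated with a small policy check. This is an added example, not CyberOne's code or any product's logic; the protected brand domains, the blocklist, the homoglyph table and the naive "last two labels" registrable-domain rule are all constructed assumptions (a real filter would use the Public Suffix List and threat-intelligence feeds).

```python
from urllib.parse import urlsplit

# Constructed sample policy data (assumptions, not real indicators).
PROTECTED = {"example-bank.com", "example-mail.com"}   # brands we defend
BLOCKLIST = {"known-bad.test"}                          # known-malicious domains

# Character substitutions commonly seen in lookalike registrations.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def registrable_domain(host):
    # Naive eTLD+1: keep the last two labels (assumption; use the PSL in production).
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def normalise(label):
    # Collapse homoglyphs and hyphens so visually similar labels compare equal.
    for bad, good in HOMOGLYPHS.items():
        label = label.replace(bad, good)
    return label.replace("-", "")


def edit_distance(a, b):
    # Classic Levenshtein distance; one edit away from a brand is a typosquat.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    # Returns "allow" or a "block:<reason>" verdict for a requested URL/hostname.
    host = (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
    reg = registrable_domain(host)
    if reg in PROTECTED:
        return "allow"                      # genuine brand site or its subdomains
    if reg in BLOCKLIST:
        return "block:blocklist"            # plain DNS/URL blocklist hit
    label = normalise(reg.split(".")[0])
    for brand in sorted(PROTECTED):
        brand_label = normalise(brand.split(".")[0])
        if label == brand_label:
            return f"block:lookalike:{brand}"   # homoglyphs or swapped TLD
        if edit_distance(label, brand_label) <= 1:
            return f"block:typosquat:{brand}"   # one keystroke away from the brand
        if brand in host:
            return f"block:subdomain:{brand}"   # brand embedded as a subdomain
    return "allow"
```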
Update Your Internet Security for 2022
Your organisation faces the same challenges and threats as most others.
Suppose you’re still trying to meet the security and performance challenges of today’s distributed, cloud-based operations with traditional gateway security tools. In that case, you’ve probably already realised you’re fighting a losing battle.
At CyberOne, we can help you redesign your Internet security program to fit your organisation’s specific needs and challenges. To find out more, visit our Internet Security page.