In 1994, a new computer virus was released once every hour. By 2006, this had increased to one a minute. Now, there are 350 000 new samples every day.¹
The team at MTG support and work within enterprise IT and network environments that encompass several thousand endpoints. Desktops and laptops running Windows make up the majority of this estate, with Windows Server powering the back office and business applications. A growing number of clients use Macs and Linux; in the case of Linux, this is typically in their server or hosted environments. In all cases, there is a level of security to safeguard business systems.
The most common layered defence in the enterprise consists of the following controls:
- Network Edge – Firewall. Secures the network edge. A mix of UTM/NGFW and traditional firewalls.
- Inbound E-mail – Anti-Spam and Anti-Virus. Scans all inbound e-mail for viruses, malware and spam.
- Enterprise E-mail – Exchange Anti-Virus. Scans all internal e-mails and mail stores for viruses.
- Server – Anti-Virus client. Scans memory, files and processes.
- Desktop – Anti-Virus client. Scans memory, files, processes, Outlook, Office and macros.
To the layman, this seems quite a comprehensive list of controls, securing the enterprise at multiple levels and checking for threats at different entry points.
However, we regularly speak to companies who employ many of these controls and yet are still impacted by viruses and malware. These companies use well-known brand software, maintain up-to-date virus definitions and strictly control web access, so what gives? With the advent of CryptoLocker and similar ransomware, some have suggested cybercrime is responsible for this boom in malware. As the earlier quote alluded to, Kaspersky believe there are over 350k new virus samples every day, which makes you wonder whether traditional anti-virus can keep up!
From my perspective, I would say there have been two marked changes in the enterprise IT threat landscape. The first is the mobile workforce and the rapidly increasing and often unnoticed adoption of BYOD (bring your own device) in the enterprise. The second is the staggering onset and progression of new malware, viruses and similar exploits, many of which often go unnoticed by your typical anti-virus software.
In the next series of articles we will walk through the sort of systems your business should employ to eliminate risks, how to gain additional insight and visibility, and other ways your business can safeguard its data and key business systems.
We will focus on the following:
- Unified Threat Management (UTM) and Next Generation Firewalls (NGFW).
- Intrusion Prevention Systems (IPS).
- Inbound and Outbound e-mail anti-virus scanning, anti-spam filtering and mail archiving.
- Enterprise messaging anti-virus (e.g. Microsoft Exchange).
- Endpoint protection including anti-virus software, heuristics and best practices for desktop hardening.
- Risk and Policy Management, which ensures continuous, enterprise-wide compliance and configuration checks against a defined baseline/best practice.
- Change-Control (Manual and monitored).
MTG provide solutions to a variety of customers, ranging from SMEs to enterprises and public sector organisations. We have a range of sector-specific solutions focused on Financial Services (including FSA and FSC regulated companies), Healthcare and Biomed, and solutions for the hospitality industry. If your organisation would like to review its defence mechanisms or is facing a particular problem with security, please get in touch today.
¹ – Kaspersky Lab deputy director for global research and analysis Sergey Novikov