Firewalls, IDS/IPS, and AV Aren’t Enough!

Erin, our cybersecurity expert, explains why old school technologies like firewalls, intrusion detection and prevention systems, and anti-virus software can’t protect you from today’s malware threats.

Video Script: Hi. I’m Erin, the Cybersecurity expert. In this lesson, I’m going to explain why old school technologies like firewalls, intrusion detection and prevention systems, and anti-virus software can’t protect you from today’s malware threats. In the old days (like, a few years ago), we used to protect against cybersecurity threats like this: everything on the internet is “public” and “untrusted”; everything inside the company network is “private” and “trusted”. So we’d set up an edge or perimeter-based defense using firewalls and IDS/IPS solutions to separate the bad from the good. This approach worked for years because attacks almost always came from the internet directly. Many of you probably still rely on this approach today. But today, malicious software or “malware” is used to compromise systems and networks. If cyber-criminals can get malware loaded on a single device in your network, they’ve got you!

So how does malware get past these older technologies? One method is by tricking employees into downloading the malware through phishing emails or through social media. Since this looks like regular user traffic from the trusted network, the firewall just lets it go right through. Firewalls are designed to stop attacks coming from the outside, not from the inside. Another method is by employees accidentally visiting malicious or compromised websites. Type the wrong domain into your web browser, and pow! Infected! Criminals even compromise real websites so the next time you visit a perfectly normal site, you get infected! Yah… happens all the time. You can also be infected with malware through a USB memory stick, portable hard drive, or cloud storage sites. Often, malware infections happen when you take your laptop home. Let little Billy play games or do homework on the laptop, and you guessed it… infected! That malware is then on the inside of the corporate network when you return to the office or connect remotely. These are just some of the methods criminals use to compromise your network. And once a single system is infected, the malware spreads throughout the entire network, infecting everything!

And all those great mobile devices your employees are using? They create more ways than ever to get malware on your network! Once you’re infected, malware can remotely control the computer, extract data, watch what employees are doing, destroy systems, grant the attackers administrative access, attack other networks, and hold your systems and data for ransom. Most malware “calls home” to get instructions from command and control servers. Many believe an intrusion detection and prevention system will stop the malware from “calling home”. But most malware uses encryption specifically to get past these systems. All your IPS sees is encrypted traffic, making the malware effectively invisible!

So if you’re relying on perimeter-based technologies to protect your data, it’s sort of like building a big castle with thick walls to keep all the bad guys out, and then a modern drone flies overhead and drops a bomb down the chimney! When old school technology meets modern threats… the results aren’t pretty! Some people say, “Well, it’s a good thing I have anti-virus to stop all this malware.” Turns out, no! The anti-virus software vendors themselves tell us that they are not effective in detecting or blocking malware. Yah… that’s a real quote. Still don’t believe me that your current cybersecurity solutions are inadequate? Just look at the numbers. On average, it takes an organization 205 days to discover they’ve been breached. That’s over 7 months the criminals go undetected – even with firewall, IDS, and anti-virus software! And when a breach is discovered, over two thirds of the time it’s actually a separate company that discovers it, not the internal staff! Hmm… Can you think of any company that got breached but a 3rd party had to tell them about it?

In summary, firewalls, intrusion detection and prevention systems, and anti-virus aren’t enough to stop today’s malware threats. Are you still relying exclusively on old school technologies to protect your organization? To learn more, please visit our website or contact us today!