It seems like every day, when we look at the news, we hear more and more stories about cyberthreats and attacks on businesses, governments and even individuals. You’ve probably heard about the recent WannaCry and Petya malware attacks crippling computer networks, and wondered how you might be affected and what steps are being taken to secure your organization. SouthTech has received a few inquiries about this, so we felt it prudent to go over the various layers of security we offer to protect against these types of attacks.
At a technical level, we implement a multiphasic approach to securing our clients’ infrastructure. Most of these protections are included as part of our PowerView Manage agreements, while others may be available as an optional add-on.
The first level of defense is your perimeter, which is protected by a Unified Threat Management appliance, functioning as both a firewall and traffic analyzer with deep packet inspection. Here, we ensure only authorized traffic is permitted to enter your network, and even that traffic is actively scanned for viruses, malware or other threats. It also provides additional protections, like Geo-IP Filtering, to block Internet traffic from certain countries; Botnet filtering, to stop infections from spreading or reaching out to the attackers; Intrusion Detection and Prevention, to analyze traffic for patterns that indicate an attacker is trying to penetrate your network and stop them before they can; as well as other benefits like Content Filtering, to block access to sites that are unsafe or inappropriate for office use.
The second level of defense is inside of your network and on trusted devices. SouthTech installs and utilizes strong anti-virus and anti-malware software on each workstation and server. We’ve recently rolled out an advanced DNS protection mechanism that encrypts your queries, checks them against lists of known dangerous sites and alerts us in real-time if there is a risk of infection. This provides advanced protection, not only inside your office, but even when employees bring their workstations home or with them on the road. Through our Office 365 solution, we can provide spam and virus filtering for email, which is often the most common vector for the transmission of malware. Lastly, SouthTech ensures that all servers and workstations are kept up to date with important security patches and software updates.
The third level of defense is knowledge and training. The first part is handled internally by SouthTech. Our engineers and staff stay continuously trained and well equipped – not only on the newest security tools, methodologies and best practices, but also on the active risks and threats that affect our clients. This allows us to be as proactive as possible to eliminate risks on your network and, if something does break through, to remediate it as quickly as possible. Not only has SouthTech earned its Security TrustMark+ certification, but most of our technical staff have individual security certifications as well. On the other side of the coin, we also provide security training to you, our clients, and your employees. The weakest point in any organization is often the people, who may unknowingly click on a dangerous link, open a risky attachment or otherwise accidentally provide a method of ingress for attackers into your network. But with proper training, we can help employees understand the risks and hopefully think twice before making those decisions.
The fourth and final level of defense is backups and disaster recovery. No matter how well fortified your network is, there is still a risk that new malware can find a way in and compromise your infrastructure. That is why one of the most important aspects of any security strategy is backing up your data both locally and, most critically, in the cloud as well. Through our PowerView BDR offering, this is all managed for you, with continuous backups of your servers and their critical infrastructure. Copies of the data are sent to secure off-site repositories, ensuring that even if your network were crippled by a ransomware attack, you would not need to worry about having to pay the extortion to get your data back. While there might be an interruption as the systems are restored, your data is kept safe and protected. This same technology protects you against natural disasters and other events that could physically damage your servers.
We all know that these are dangerous times to be on the Internet, and many of these news articles can cause companies to worry. Being concerned and vigilant is a good thing. Hopefully the information above helps explain some of the steps that SouthTech takes all the time to protect your business and its critical data.
As always, if you have any questions or concerns, please let us know. Your account manager or network administrator will be happy to discuss what systems are in place specifically for your company and any options that might be available.
Feel free to give us a call for more information: (941) 953-7455.