“I’ve got a firewall and an antivirus program; that’s enough to keep me secure, right?” Well… that’s half-right. In this video, Zack Abdou, one of our engineers, explains the considerations to keep in mind when evaluating your security tactics. Why do we say a firewall and antivirus are not enough?
What Does a Firewall Do?
A firewall is a network system that acts as a watchdog for the traffic that comes and goes from your system. If your business is a castle, think of the firewall as a robot gatekeeper that blocks unwanted intruders from entering. That sounds like a pretty good system, until you consider a few shortcomings of firewalls.
- Firewalls operate based on preset rules. If someone knows what those rules are, it’s not that hard to outsmart the robot gatekeeper. In our (slightly anachronistic) medieval example here, your robot gatekeeper may be set to reject anyone wearing a red hat. But the intruder knows that, so he dons a blue hat instead and slides right in.
- A firewall has a short range of vision. It reacts to the immediate threat, not looking ahead to see what’s coming next. It relies on you to set rules that allow it to block threats, so if you’re not proactively keeping an eye on the latest cyberattack techniques, it can’t do its job properly. This can leave you susceptible to viruses or other criminal threats.
- Your firewall is tied to your office network. So what happens when your employees have accessed work emails or files on their personal devices, and then leave your company network? Maybe they’re working from home due to the pandemic, or from hotel Wi-Fi on a work trip. Now your company data is on an unsecured network, away from the protection of your firewall.
- Firewalls can’t shield you from user error. Criminals have a grab-bag of tricks up their sleeves for penetrating your defenses. Social engineering and phishing are designed to completely bypass your external defense systems by targeting your users on the inside. No need to trick the robot gatekeeper when Rapunzel lets down her hair and lets the intruder in through a window.
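The "red hat / blue hat" problem above comes down to how the gatekeeper's rule set is written. The following is an added example, not code from the original post or from SOCBOX: a small first-match packet filter in Python that evaluates the same three constructed packets against a block list (reject one known-bad network, allow everything else) and against an allow list (admit only the services the business exposes, deny everything else). The networks, ports and rule sets are all hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int
    proto: str                          # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str                         # "allow" or "deny"
    src_net: Optional[str] = None       # CIDR block; None matches any source
    dst_port: Optional[int] = None      # None matches any destination port
    proto: Optional[str] = None         # None matches any protocol

    def matches(self, pkt: Packet) -> bool:
        if self.src_net is not None and \
                ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        return True

def evaluate(rules, pkt: Packet, default_action: str) -> str:
    """First matching rule wins, as in most packet filters; otherwise the default applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default_action

# Rule set A, a block list: reject one known-bad network (RFC 5737 documentation range,
# constructed for this example) and let everything else through.
BLOCKLIST_RULES = [Rule("deny", src_net="198.51.100.0/24")]
BLOCKLIST_DEFAULT = "allow"

# Rule set B, an allow list: admit only the services the business actually exposes
# (hypothetical: HTTPS and inbound mail) and deny everything else by default.
ALLOWLIST_RULES = [
    Rule("allow", dst_port=443, proto="tcp"),
    Rule("allow", dst_port=25, proto="tcp"),
]
ALLOWLIST_DEFAULT = "deny"

# Constructed traffic: the same unwanted connection to a port the business does not
# expose, once from the listed network (red hat) and once from an unlisted one (blue hat),
# plus a legitimate customer connection to the web server.
RED_HAT = Packet("198.51.100.7", 3389, "tcp")
BLUE_HAT = Packet("203.0.113.9", 3389, "tcp")
CUSTOMER = Packet("203.0.113.9", 443, "tcp")

def compare(pkt: Packet) -> dict:
    """Verdict of each rule set for one packet."""
    return {
        "blocklist": evaluate(BLOCKLIST_RULES, pkt, BLOCKLIST_DEFAULT),
        "allowlist": evaluate(ALLOWLIST_RULES, pkt, ALLOWLIST_DEFAULT),
    }

if __name__ == "__main__":
    for name, pkt in [("red hat", RED_HAT), ("blue hat", BLUE_HAT), ("customer", CUSTOMER)]:
        print(f"{name:9s} {compare(pkt)}")
```

The block list stops the red hat but waves the blue hat straight through, exactly the shortcoming described above; the default-deny allow list rejects both while still admitting the customer. The rule set still cannot see phishing or a compromised laptop on hotel Wi-Fi, which is why the rest of this post argues for more layers.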
Does this mean it’s not worth having a firewall? Absolutely not; having a gatekeeper with limited power is better than having none at all. We just want to make it clear why businesses shouldn’t trust solely in their firewall to protect their valuable data. What about the other part of the equation?
What Is Antivirus?
Antivirus software is a program used to prevent, detect, and remove malware, or malicious software. Think of it like the castle guard; it supports the firewall in its gatekeeping duties, but it also makes regular rounds of the fortress, looking for suspicious activity. Before we tackle why antivirus falls short of complete protection, let’s look at the different kinds of antivirus available.
- Malware signature antivirus is designed to detect the ‘signature,’ or digital fingerprint, of a malicious program. The antivirus comes preloaded with thousands of these identifiers, allowing the software to detect and dispose of known threats.
- System monitoring antivirus looks for suspicious or atypical behavior in order to identify malware. For example, it may create an alert when a user tries to access an unusually large number of files or an unfamiliar website.
- Machine-learning antivirus uses a collection of data from multiple antivirus programs to recognize malware or other criminal activity that it hasn’t seen before—an advantage over signature-based software.
If antivirus can cover all these bases, why would we say it’s not enough?
- If your antivirus is signature-based, it can only protect you against the threats that it came programmed with. It’ll have no defenses against new exploits or zero-day attacks.
- Free antivirus software, while better than nothing, usually only has a small database of malware signatures to check against. This would be like saying if a dangerous criminal isn’t on the FBI’s 10 Most Wanted list, he’s not a criminal and can roam about freely.
- Like your firewall, antivirus doesn’t protect you or your users against phishing scams. Check Point Research reports that 65% of US organizations suffered a successful phishing attack in 2019.
- Most phone users don’t have even a basic antivirus program set up, exposing their device—and by extension, your network—to attack.
- Human ingenuity has a dark side. Criminals are creative; they’re constantly discovering and creating ways to get around your antivirus and firewall. Even the most complex machine-learning antivirus software operates off of combinations of data points. If a malicious actor learns what combination will alert your antivirus, he can change one data point to trick it into marking him as safe traffic.
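To make the signature-versus-monitoring distinction from the list of antivirus types concrete, and to show why a single changed data point defeats a signature but not a layered defence, here is an added example in Python. It is not code from the original post or from SOCBOX, and everything in it is constructed: the "known malware" is a harmless byte string, the signature database is a set of SHA-256 hashes, the event log format (`pid=<n> <action> <target>`), the site allowlist and the file-access threshold are all hypothetical.

```python
import hashlib
from collections import defaultdict

# --- Layer 1: signature-based detection --------------------------------------
# Constructed stand-in for a known malicious file. A real product ships thousands
# of such fingerprints; this one is a harmless byte string used only for the demo.
KNOWN_BAD_SAMPLE = b"EVIL-PAYLOAD-v1 collect documents and send them out"
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}

# A "variant": the same sample with a single data point changed. Its hash differs,
# so a purely signature-based scanner has never seen it.
VARIANT_SAMPLE = KNOWN_BAD_SAMPLE.replace(b"v1", b"v2")

def signature_scan(data: bytes) -> bool:
    """True when the file's SHA-256 fingerprint is in the signature database."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB

# --- Layer 2: system-monitoring (behaviour-based) detection -------------------
KNOWN_SITES = {"updates.example.com", "mail.example.com"}   # hypothetical allowlist
FILE_ACCESS_THRESHOLD = 20   # constructed: more distinct files than this is atypical

def behaviour_scan(events):
    """Scan constructed log lines of the form 'pid=<n> <action> <target>'.

    Two of the behaviours mentioned in the post are checked: a process opening an
    unusually large number of files, and a connection to an unfamiliar site.
    Returns a list of (pid, reason) alerts.
    """
    files_touched = defaultdict(set)
    alerts = []
    for line in events:
        pid_field, action, target = line.split(" ", 2)
        pid = int(pid_field.split("=", 1)[1])
        if action == "open":
            files_touched[pid].add(target)
        elif action == "connect" and target not in KNOWN_SITES:
            alerts.append((pid, f"connection to unfamiliar site {target}"))
    for pid, files in files_touched.items():
        if len(files) > FILE_ACCESS_THRESHOLD:
            alerts.append((pid, f"opened {len(files)} distinct files"))
    return alerts

# Constructed event log: process 42 sweeps through a document folder and phones out
# to an unknown host; process 7 is an ordinary mail client.
SAMPLE_EVENTS = (
    [f"pid=42 open /home/alice/docs/report{i}.docx" for i in range(25)]
    + ["pid=42 connect drop.example.net"]
    + [f"pid=7 open /home/alice/docs/memo{i}.txt" for i in range(3)]
    + ["pid=7 connect mail.example.com"]
)

# --- Combining the layers -----------------------------------------------------
def layered_verdict(data: bytes, events):
    """Block if either layer objects; report every reason so an analyst can follow up."""
    reasons = []
    if signature_scan(data):
        reasons.append("signature match")
    reasons.extend(reason for _, reason in behaviour_scan(events))
    return ("blocked" if reasons else "clean", reasons)

if __name__ == "__main__":
    print("known sample, signature only:", signature_scan(KNOWN_BAD_SAMPLE))
    print("variant, signature only:     ", signature_scan(VARIANT_SAMPLE))
    print("variant, both layers:        ", layered_verdict(VARIANT_SAMPLE, SAMPLE_EVENTS))
```

The signature layer catches the original sample and misses the variant outright, which is the zero-day problem in miniature. The monitoring layer never looks at the file at all; it flags process 42 for touching 25 documents and contacting an unfamiliar site, so the layered verdict is still "blocked". The threshold and allowlist are the knobs that decide the false-positive rate, and they need tuning per environment, which is the ongoing work the post is pointing at.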
Now that we’ve discussed some of the downsides of antivirus and firewalls, what can we do about it?
How to Better Defend Your Castle
- Keep your firewall and antivirus up to date. Every patch or update released means more intruders your protection software can identify and repel. Your firewall and antivirus can’t do all the defense work on their own, but you can give them the best fighting chance by keeping them fully equipped.
- Develop a multi-layer security system. To return to the castle illustration, which castle would you want to trust with your treasure? The one with two dated robot defenders? Or the one with state-of-the-art robot defenders, an army of knights to fight a large-scale attack, watchmen, a moat, and maybe even a dragon? This may sound like we got carried away with our castle imagery, but really, each security measure acts like another layer of defense: traffic analysis, log management, SIEM tools, 24/7 monitoring with the help of a SOC team—each of these makes your organization that much harder to penetrate.
- Provide awareness training for your team. Phishing and social engineering attacks can be very sophisticated, more so than most people think. Just like your firewall needs frequent updates to stay effective, the same is true of your team. A monthly or quarterly structured training program can help your team become a human firewall for your organization, able to recognize and repel attempts to infiltrate your network.
- Test your defenses. Don’t get caught in the trap of overconfidence. Criminals are constantly updating their attack methods, so we need to constantly update our defenses to make sure we’re ready for them. Hire a third-party firm to conduct penetration testing or a social engineering campaign for your organization. They’ll be able to identify weak spots or vulnerabilities in your network or team, and help you shore up those security gaps.
SOCBOX provides cybersecurity services, including social engineering, penetration testing, and SOC services, for organizations across many industries. If you’re wondering if your antivirus and firewall are doing enough for you, give us a call. We can examine your environment for weaknesses and suggest a proactive approach to keeping your data secure. Let us help you defend your castle; call 877-284-7789 or email us at firstname.lastname@example.org today.