What We’ve Learned from the Breaches of 2014

Due to the many recent cyber-attacks that have successfully infiltrated even the most fortified enterprise data centers, network security remains a top priority as companies continuously face unprecedented challenges in combating today’s more organized, highly skilled and well financed cyber criminals. What we have learned from the Home Depot, JP Morgan, Sony and Target data breaches is that attackers and the innovative techniques they use to gain elevated rights and access to corporate networks are methodical, stealthy, unpredictable and almost impossible to detect and prevent by traditional security defense systems. 

So, one of the most effective ways that companies are proactively protecting themselves against today’s sophisticated cyber-attacks is to establish multiple layers of security and threat intelligence that provide numerous methods for preventing and responding to attacks on their network. This is typically the way for the simple fact that no one layer of security is going to provide everything a company needs to be secured. 


Continuous security awareness training for employees to be mindful of the potential risks of social media, social engineering, suspicious websites and fake downloads, not to mention the various spam and phishing scams that they need to be on high alert for at all times.    


Vigorously defend the endpoint as most network infiltrations begin with a compromised user device. There are different client security tools that companies are implementing to defend the endpoints and ultimately the network. These include:

Firewall Enforced Content Filtering Client – a security service that blocks access to inappropriate, illegal and dangerous web content.

Firewall Enforced Client Anti-Virus & Anti-Spyware – a security service that detects and blocks viruses, Trojans and other malware variants.

What makes both the Firewall enforced Content Filtering Client and the Client Anti-virus special and unique is in the enforcement aspect.

For example, if there is a non-compliant device outside the network that wants to access the corporate network, the network services would be denied for that device unless the latest version of the Content Filtering and Client AV is present and actively running with the latest security signatures. Deployment of these client tools is automated, always enforced and always on to serve as the first line of defense to stop malicious code from infecting the network through a compromised endpoint device. Standalone anti-virus software cannot do this.

To further bolster the endpoint security posture, companies are using more advanced secure remote access devices (SSL VPN) to first interrogate the device trying to log in and then approving only limited access based on the confidence the system has in who has logged on, from where, using what device.


Replacing traditional or legacy firewalls with a Next-Generation Firewall (NGFW) – NGFWs give companies superior intrusion prevention, malware protection, application intelligence and control, real-time traffic visualization, and inspection for SSL-encrypted sessions at the gateway using deep packet inspection technology that scans all traffic regardless of ports, protocols or file size, decompress and decrypts every packet, and examines every bit of each file in the packet of every session at multi-gigabit speeds.   


Investment in a capable Intrusion Prevention system with threat detection services that can provide complete anti-evasion and inbound anti-spam, anti-phishing and anti-virus protection.  


Adding SSL inspection capability to detect and block malware that is deeply hidden in SSL-encrypted traffic.


Ensure there is around-the-clock threat counter-intelligence continuously feeding security updates to next-generation firewalls and intrusion prevention systems to combat new malware as they emerge.


Taking advantage of the application control capabilities embedded in the NGFW to further enhance the security defense system by controlling and perhaps blocking the thousands of web applications available over the internet that are possibly malicious.


And last but not least, companies further their security defense system by deploying an email security solution to prevent and block malware trying to find its way in through spam and phishing email attacks. 

Inbound emails are checked to verify that the sender is not a known spammer. In addition to verifying the sender’s IP reputation and that of the email’s content, structure, links, images, and attachments are also checked for deeper security.  Emails are scanned for known viruses, zombies, and other malware variants.   

Dell SonicWALL is recognized as an industry leader and a dependable security partner to provide a resilient security defense system that can effectively combat advanced modern threats. Trusted by SMBs and large enterprises in over 200 countries and territories with over 250,000 customers, Dell SonicWALL has consistently provided innovative, award-winning, time-tested NGFW, Intrusion Prevention System (IPS), Secure Mobile Access (SMA), Email Security and Web Application Firewall (WAF) network security products. Dell SonicWALL next-generation firewalls are capable of providing deeper security and control without compromising network performance to organizations of any size.

About the Author: Ken Dang