Blog LBMC

Print Divider Print Divider Branding
 

The Pros and Cons of a DIY Computer Network Defense Strategy

01/10/2018  |  By: Jason Riddle, CISSP, President, Information Security

Share

Social Logo Social Logo Social Logo Social Logo

There are countless do-it-yourself tools out there designed to help businesses secure their networks. Some are free and open source, with quality levels ranging from “professional grade” to “sketchy” to “malware-in-disguise.”

Do you know how to tell which tools are adequate to your needs?

For small to mid-sized businesses experiencing rapid growth MUST have a comprehensive security plan in order to succeed.

Three approaches small to mid-sized business owners can take to build out their network security toolkit.

The Complete Do-It-Yourself

The biggest advantage of this approach is cost containment, which naturally carries a good deal of weight with business owners. After all, network security measures often don’t return value in a direct or obvious way, at least in the short term. In this light, free security software downloads look pretty appealing.

The biggest disadvantage of this approach is that even if you select the right tools, you may not at first recognize the full scope of your organization’s security needs. Businesses must update their software continuously, staying current on developments in network security to ensure their software addresses new bugs, attacks, and vulnerabilities as they emerge. Even the best and most up-to-date software cannot make deductive, contextualized decisions about your security needs – many important red flags are too subtle for automated detection.

If you decide, in spite of the risk, to address your security needs yourself, there are several steps you can take beyond the basics of installing a firewall and virus detection:

  • Inventory your sensitive data. Make sure you understand what sensitive information is on your network, where it resides, how it may be accessed – and by whom.  
  • Install an intrusion detection system. This is a device that gathers data from your network and alerts you to threats or irregularities.  
  • Examine your log data. Keep an eye on your firewall logs, watching for blocked IP addresses and failed entry attempts. On the same note, watch your server logs for signs of unusual traffic.  
  • Train your team. Security is an organization-wide effort, so train your team to report network oddities such as an inability to log in.

An In-House Expert

Ideally, you want expert eyes on your network at all times, particularly as your business grows. 

The biggest advantage of this approach is comprehensive coverage. Hiring security staff gives you a full-time detective (or team of detectives) on your side, able to watch for signs of danger in real time, piece together clues, and follow up on red flags. Just as importantly, you have someone in-house who can implement and maintain your system effectively, ensuring that your network is truly protected.

The biggest disadvantage of this approach is cost—provided that you choose to view it that way. It’s important for business owners to remember that security is a key long-term investment, potentially saving you untold losses in customer trust, revenue, and reputation down the line. But some businesses simply can’t afford to maintain a full-time security staff. 

If you choose to hire a network security expert, make sure you find someone who is adept at piecing together clues and is up-to-date on the latest security issues, trends, and best practices.

A Third-Party Security Provider

For small to mid-sized businesses, there is an option that balances cost and risk: third-party security services with managed security solutions. In this approach, organizations can have security experts monitoring their networks 24/7, ready to react immediately to a breach or attack.

As with an internal expert, third-party monitoring helps ensure that your network defense strategy is both stable and comprehensive. Some security strategies focus on preventive software – but if that software is breached or goes out of date, it’s all over. When you add the two supporting pillars of expert detection and response, your network security strategy gains the ability to catch changes and respond quickly.

With network monitoring, third-party experts can detect and follow up on a common indicators of network security problems, such as:

  • Unexplained network slowdowns
  • Large numbers of login attempts at unusual hours
  • Disappearing or changing data
  • Passwords seeming to change mysteriously

They should also maintain an up-to-the-minute understanding of new bugs, vulnerabilities, and attack vectors, as well as deep insight on “behind-the-scenes” red flags in your server and firewall logs. Should you experience a breach, they’ll be able to help you collect data on how it happened, clean up your network, and respond to the incident with minimal damage.

What’s right for your business? 

The right approach will depend on the needs and capabilities of a given organization. But for many small to mid-sized businesses, a dedicated internal team may be more than necessary, while a monitoring service can help you achieve the protection necessary to do business with confidence.

On LinkedIn or Twitter? Follow us on LinkedIn and on Twitter at @lbmcsecurity. Learn more about protecting your network from hackers by downloading our guide, Breachbelow.

breach_CTA-1

Originally posted in PivotPoint