Anti-Virus (AV) software is a tool in your security toolbox. But AV software alone is not going to stop the bad actors from infiltrating your systems. It is important, but it is only one item on a checklist of necessary precautions. And this checklist MUST continually expand to respond to the evolving threat landscape. If you have not upgraded your security arsenal in the last year, you must review and update it now.
What does AV Software do?
AV software is a program that scans files or directories on your computer for known viruses or malicious patterns of activity. The software will then remove the malicious computer code before it harms your data. This is helpful for any malware that the AV software already knows about, but a brand-new virus will bypass these scans until the AV software company learns about it and updates their product.
The AV software developers must see what bad actors are doing before they can create countermeasures to protect against it. These developers are always trying to catch up to react to new malware. There is always a window where there is no protection against newer threats. This response window is one of the reasons why it is essential to deploy other layers of security.
Cybersecurity Requires a Multi-Layered Approach
Your firm’s security should be reviewed periodically (at least annually). Perform risk assessments and review the progress you have made toward fixing security gaps since your last review. Continually enhance your defenses. If you are not constantly expanding your defenses, you are falling behind and increasing your risk. This evolution should be apparent to anyone who purchases cyber-liability insurance: the application for this type of insurance is longer and more involved every year. Your risk analysis and action plan must evolve and grow, too.
Here are some items to evaluate:
- Strong passwords and multifactor authentication
- Continually up-to-date software / patch management
- Security training for employees
- Regular simulated phishing tests
- Automatic screen lock after a short duration of inactivity
- Endpoint protection software
- Network security defenses
- Encryption of computing devices
- Microsoft Office 365 backups
- Data breach and cyber-attack response plan
- Cyber-liability insurance
- Designated Security Officer
- Backup and Disaster Recovery
- Physical security
- Web content filtering
- DNS filtering
- Dark Web monitoring
- Wire transfer authorization procedures
- Email security filtering
- Limited, controlled access to computers, applications, and data
- Other employee policies and procedures
- SOC and SIEM Service
Security Operations Center and Event Management
When bad actors infiltrate systems, they attempt to hide what they are doing by purging system logs. Security Information and Event Management (SIEM) prevents them from destroying this valuable information. With a SIEM tool, you can configure your systems so that all security events are immediately sent off-site to the Security Operations Center (SOC) in real time, so a copy already exists before a bad actor can purge the local logs.
A SOC is a team of human analysts who use sophisticated software to review threat information from many sources, including SIEM tools, to look for suspicious activity and respond to potential threats. This vastly improves your security compared to the far more limited protection that AV software provides. The SOC team sifts through a vast array of information looking for mere hints of suspicious activity, which they manually investigate. When they confirm a threat, they can take immediate action to neutralize it.
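As an added illustration of the two points above (not code from the original post or from any particular SIEM product), here is a small Python detection routine run over a constructed batch of forwarded Windows events. It assumes hypothetical host and user names; the event IDs 1102 (Security audit log cleared) and 104 (System event log cleared) are the real Windows identifiers. Because each record reached the SIEM as soon as it was written, the "log cleared" event itself survives the purge, and a host that goes quiet is flagged as well.

```python
from datetime import datetime, timedelta

# Constructed sample of events as a SIEM might receive them from endpoints
# (hypothetical host names, users and timestamps; not data from the post).
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:00:00", "host": "ws-finance-07", "channel": "Security", "event_id": 4624, "user": "jdoe"},
    {"ts": "2024-03-01T09:05:00", "host": "ws-finance-07", "channel": "Security", "event_id": 4672, "user": "jdoe"},
    {"ts": "2024-03-01T09:06:30", "host": "ws-finance-07", "channel": "Security", "event_id": 1102, "user": "jdoe"},
    {"ts": "2024-03-01T09:07:00", "host": "srv-file-01", "channel": "System", "event_id": 104, "user": "SYSTEM"},
    {"ts": "2024-03-01T09:30:00", "host": "srv-file-01", "channel": "Security", "event_id": 4624, "user": "backup"},
    {"ts": "2024-03-01T08:10:00", "host": "ws-hr-02", "channel": "Security", "event_id": 4624, "user": "asmith"},
]

# Windows event IDs written when a log is cleared. The local log is gone
# afterwards, but the forwarded copy of this record remains in the SIEM.
LOG_CLEAR_EVENTS = {
    ("Security", 1102): "Security audit log cleared",
    ("System", 104): "System event log cleared",
}

def find_log_clears(events):
    """Return one alert per log-clear event: which host, which account, when."""
    alerts = []
    for e in events:
        label = LOG_CLEAR_EVENTS.get((e["channel"], e["event_id"]))
        if label:
            alerts.append({"host": e["host"], "user": e["user"], "ts": e["ts"], "reason": label})
    return alerts

def find_silent_hosts(events, now_iso, max_gap_minutes):
    """Return hosts whose newest event is older than max_gap_minutes.
    A host that stops forwarding may have had its agent stopped or its
    network path cut, which an analyst should look into."""
    now = datetime.fromisoformat(now_iso)
    latest = {}
    for e in events:
        t = datetime.fromisoformat(e["ts"])
        if e["host"] not in latest or t > latest[e["host"]]:
            latest[e["host"]] = t
    gap = timedelta(minutes=max_gap_minutes)
    return sorted(h for h, t in latest.items() if now - t > gap)

if __name__ == "__main__":
    for alert in find_log_clears(SAMPLE_EVENTS):
        print("ALERT log cleared:", alert)
    print("silent hosts:", find_silent_hosts(SAMPLE_EVENTS, "2024-03-01T09:35:00", 30))
```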
If you do not have a SOC and SIEM service to proactively detect and respond to threats on a 24/7 basis, strongly consider getting this in place. Simply running the same old AV that you have been using for years is not sufficient protection. A SOC team that constantly looks for and responds to threats will significantly improve your protection.
If you have any questions about SOC and SIEM or any other cybersecurity questions, please feel free to contact me.