What Should You Expect in Your Cybersecurity Tech Stack?
What should be in your tech security stack? This is the question businesses are asking themselves with increased concern as we learn from the cyber environment shaped by the pandemic.
Even before the pandemic hit, cybersecurity was a big issue among organizations, many of whom are seeing a rise in attacks with every year. This has led to increased interest and investment in business security.
Budgeting for cybersecurity has increased 141% since 2010.
In today’s environment, however, it’s becoming clearer that having a scattershot approach to the solutions companies use isn’t good enough.
It’s not enough to just have a quality anti-virus or VPN—businesses need to adopt a multi-layered strategy to fully protect themselves.
Related Post: Why You Need Layered Security
In this blog post, we’re going to take a look at the specific solutions that make up a quality cybersecurity tech stack by showing you what we at Impact provide our own clients when they hire us.
You’ll learn which areas make up a security stack, along with examples of brands that develop the solutions in it.
Let’s dive right in.
Why Is a Security Stack Necessary Today?
A range of solutions is today required to operate a successful cybersecurity strategy.
As we noted, the number of cyberattacks that are targeting businesses in 2021 has increased significantly over even just the last few years, which has in turn led to a sharp increase in spending on cybersecurity from organizations across the country.
Malware increased by 358% overall and ransomware increased by 435% in 2021 as compared to 2019, with phishing attacks accounting for more than 80% of reported security incidents.
Because of the sheer amount of attacks targeted at businesses that occur on a daily basis and the vectors used—whether it’s via email, web-based, device-based—it’s necessary to use a variety of tools that can cover every avenue of attack and potential weakness.
Guarding Against Attack Vectors
By far the most significant attack vector used by cybercriminals is social engineering—71% of IT professionals say they’ve had employees at their company fall victim to these types of attacks.
The average cost of social engineering attacks is around $130,000—untenable for many SMBs. Preventing costs like these by guarding and monitoring devices used frequently by employees is a key method of ensuring business security.
The vast majority of solutions in a cybersecurity stack will be geared towards ensuring the risks of vectors like social engineering are minimized—for example through multi-factor authentication and email filtering—and that common weaknesses within a network (devices) are monitored so that threats can be contained effectively should unusual activity be recorded.
Tech Security Stack
Now we’re going to take a look at what you should expect in a tech security stack.
We’ll be examining all the components of a security stack—each tool and solution, what they do, what they protect, and why they are necessary for cybersecurity.
This blog will also list common examples of solutions in a typical security stack that are used to secure a business.
Perimeter security solutions protect data between a private internal network and an external public-facing network.
In short, it’s your protective shield for your business.
Traditionally, perimeter security has been the be-all and end-all of cybersecurity insofar as guarding networks was concerned. Once upon a time, back when dinosaurs roamed the earth in the 2000s and early 2010s, it was often sufficient for companies to use just a perimeter firewall solution.
That’s no longer the case today, but perimeter security still plays a vital role in securing data internally for businesses.
There are several solutions that can achieve this. The most notable are unified threat management and a web application firewall.
Unified threat management is a comprehensive solution that bundles a lot of tech you’re likely already familiar with: antivirus, firewall, intrusion detection, spam filtering, content filtering, and in some cases VPN support for encrypted communications.
A UTM is an excellent tool for uncovering and nullifying potential threats attempting to gain access to your network.
A web application firewall, or WAF, is similar, but focuses on data traveling between the end user and the cloud app they’re using. Because so many businesses today store, handle, and access data in the cloud, WAFs have become important tools to supplement cybersecurity strategies.
Examples of providers for these solutions: Cisco Meraki (UTM), Cloudflare (WAF)
Just as WAFs are more significant in 2021 because of the increased use of cloud apps in organizations, endpoint protection is also important because of the modern prevalence of the Internet of Things, which has led to substantial increase in the number of devices businesses have to protect.
Endpoints are everywhere in a modern business environment—smart TVs, mobile devices, printers, vending machines—you name it.
In 2015, there were 15 billion Internet-connected IoT devices worldwide. In 2020, that figure had doubled to 30 billion—by 2025 it will be 75 billion.
To manage these endpoints, businesses should utilize domain name system (DNS) protection. DNS is best thought of as a sort of “phonebook” for computers, which understand IP addresses rather than human language.
Of course, not every “number”, or site, in the phonebook is trustworthy, and there are many malicious sites out there. DNS protection stops access to malicious sites and can be extended to every device on the network, meaning an employee browsing on their phone over your company network won’t accidentally let a cyberattacker into your business.
Cisco has indicated that over 90% of attacks are done over DNS and only two-thirds of organizations monitor their DNS records.
Then we have managed detection and response (MDR), which is an endpoint protection service that detects, prevents, and responds to attacks across all vectors.
As opposed to searching for the characteristics of malware—which can be hidden or changed to something unrecognizable—as a traditional protection service would, MDR monitors the processes of every endpoint, recognizing deviations from the norm and responding.
Finally, we have persistence detection. “Persistence” refers to a modern hacking process, whereby cybercriminals gain access to your systems and wait for the opportune moment to strike.
This solution uses advanced technology to sniff out bad actors hiding in plain sight by collecting information and activity associated with persistent mechanisms that evade other cybersecurity technologies.
Examples of providers for these solutions: Cisco Umbrella (DNS), SentinelOne (MDR), Huntress (persistence)
Info security is essential in preventing data leakage and other forms of unintentional data loss.
Information security is all about access and stopping inadvertent data loss. Data loss prevention (DLP), for example, is about preventing data leakage, which refers to the unauthorized transfer of data from inside your organization to outside.
Related Post: What Is Data Leakage and Why Should You Care?
DLP aims to rectify this issue by establishing clear standards for your data through labeling. This means determining where certain data should be stored, who has access to it, and where it can be shared.
This approach is a typical standard in cybersecurity programs and avoids the significant issues that data leakage can bring to a business.
Email protection, meanwhile, operates on the same premise; only for your email communications. Email protection solutions help prevent many common vectors like phishing attempts, spam, and viruses communicated to end users through email servers.
Examples of providers for these solutions: Microsoft Azure (DLP), Proofpoint (Email)
Authentication solutions ensure the people accessing your business data are who they say they are.
Authentication is a simple and incredibly effective way of preventing unauthorized users from accessing your business accounts, and yet it is often not taken seriously and is overlooked by companies in their security policies.
Microsoft estimates that using MFA stops 99% of all automated brute force attacks.
Multifactor authentication (MFA), which requires the use of a secondary device or method to authenticate a user, has proven especially useful in preventing breaches, and solutions that cater to this are capable of protecting every app or software service you use, in addition to meeting modern compliance standards.
Likewise, automated password management solutions mean that you can ensure your employees are consistently staying up-to-date with strong passwords.
This tech can push password change automation, keep a full trail of password history, and encrypt all the information tracked.
Examples of providers for these solutions: Duo (MFA), Passportal (password management)
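To make the “secondary device or method” concrete, here is an added example (not code from Impact or from any of the providers named above) of how the time-based one-time password (TOTP, RFC 6238) that authenticator apps generate is computed and checked on the server side. The secret and the clock values are the RFC 6238 test inputs; the acceptance window of one 30-second step either side is an assumption chosen to tolerate clock drift.

```python
import hashlib
import hmac
import struct

# RFC 6238 test secret (ASCII "12345678901234567890"); in practice the
# shared secret is generated randomly per user and stored encrypted.
TEST_SECRET = b"12345678901234567890"
STEP_SECONDS = 30


def totp(secret: bytes, unix_time: int, digits: int = 8,
         step: int = STEP_SECONDS) -> str:
    """Compute the TOTP code for the given time (HMAC-SHA1 variant)."""
    counter = unix_time // step
    msg = struct.pack(">Q", counter)          # 8-byte big-endian counter
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                # dynamic truncation (RFC 4226)
    code = ((digest[offset] & 0x7F) << 24
            | digest[offset + 1] << 16
            | digest[offset + 2] << 8
            | digest[offset + 3])
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int,
                digits: int = 8, drift_steps: int = 1) -> bool:
    """Server-side check: accept the code for the current step or for
    `drift_steps` steps either side, comparing in constant time so the
    comparison itself leaks nothing about the expected code."""
    for delta in range(-drift_steps, drift_steps + 1):
        candidate = totp(secret, unix_time + delta * STEP_SECONDS, digits)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


if __name__ == "__main__":
    now = 59
    code = totp(TEST_SECRET, now)
    print("code:", code, "valid:", verify_totp(TEST_SECRET, code, now))
```

A real deployment also has to stop the same code being replayed within its window (remember the last accepted step per user) and rate-limit submissions, since an eight-digit code is only as strong as the number of guesses an attacker is allowed.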
Backup and Disaster Recovery
In case of data disaster, businesses need to retrieve lost information as soon as they possibly can.
Backup and disaster recovery (BDR) is aimed at making sure that any vulnerable information in your business, whether it’s data stored on internal servers, external cloud data, or website data, is backed up and can be restored instantly.
BDR is a way of preparing for the worst, because data breaches can be incredibly costly to SMBs.
The average time it takes for a company to identify and contain a data breach in their system is 279 days—that’s over nine months.
The issue is that many businesses do not have any form of BDR in place, making this an important part of any cybersecurity strategy.
Then we have software-as-a-service backup, which protects the data that people handle on their cloud apps, as well as website backup, which restores all data from your website in the event of a breach.
Examples of providers for these solutions: VirtualImage (BDR), Backupify (SaaS), CodeGuard (Web)
Last, but by no means least, the final component of a cybersecurity tech security stack is monitoring.
Monitoring tools provide total visibility into your network and find vulnerabilities.
These tools include vulnerability scanning, security information and event management (SIEM), and network detection and response (NDR).
Vulnerability scanners use machine learning to automatically assess risks associated with functions and processes across your hybrid network—whether in the cloud or internally.
When vulnerabilities are detected, they are prioritized in terms of their threat level and patched to ensure safety.
A SIEM is a monitoring and event management solution that can be integrated with several major tech providers like Microsoft. This solution will alert you if it recognizes, for example, a suspicious login or excessive failed login attempts, in addition to general instances of abnormal behavior across your network.
The SIEM effectively creates a centralized database of any and all threats and abnormalities discovered by the solution, escalating them to your IT team in real-time for remediation.
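To show what the “excessive failed login attempts” rule a SIEM runs actually looks like underneath, here is an added example (not code from Impact or from any SIEM vendor) that parses a handful of constructed SSH authentication events and raises two kinds of alert: a burst of failures for one user from one address inside a time window, and a successful login that follows such a burst, which is the event a security team would want escalated first. The log format, the threshold of five failures and the five-minute window are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a syslog-like layout; not taken from any real system.
SAMPLE_LOG = """\
2021-06-01T09:00:01 auth sshd: Failed password for alice from 203.0.113.7
2021-06-01T09:00:03 auth sshd: Failed password for alice from 203.0.113.7
2021-06-01T09:00:05 auth sshd: Failed password for alice from 203.0.113.7
2021-06-01T09:00:07 auth sshd: Failed password for alice from 203.0.113.7
2021-06-01T09:00:09 auth sshd: Failed password for alice from 203.0.113.7
2021-06-01T09:00:12 auth sshd: Accepted password for alice from 203.0.113.7
2021-06-01T09:15:00 auth sshd: Failed password for bob from 198.51.100.4
2021-06-01T09:40:00 auth sshd: Accepted password for bob from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_events(text: str) -> list:
    """Turn raw lines into event dicts; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect(events: list, threshold: int = 5,
           window: timedelta = timedelta(minutes=5)) -> list:
    """Return alerts as (kind, user, ip, timestamp) tuples.

    'excessive_failures': at least `threshold` failures for one (user, ip)
    pair inside `window`.
    'success_after_failures': a successful login while such a burst is still
    inside the window, i.e. the password may have been guessed.
    """
    alerts = []
    recent = defaultdict(deque)   # (user, ip) -> timestamps of recent failures
    burst_seen = set()            # pairs already alerted on for this burst
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["user"], e["ip"])
        q = recent[key]
        while q and e["ts"] - q[0] > window:   # drop failures outside the window
            q.popleft()
        if not e["ok"]:
            q.append(e["ts"])
            if len(q) >= threshold and key not in burst_seen:
                burst_seen.add(key)
                alerts.append(("excessive_failures", e["user"], e["ip"], e["ts"]))
        else:
            if key in burst_seen and q:
                alerts.append(("success_after_failures", e["user"], e["ip"], e["ts"]))
            q.clear()                 # a success ends the current burst
            burst_seen.discard(key)   # so a later burst alerts again
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(alert)
```

Bob’s single failure followed by a success 25 minutes later produces nothing, which is the point of the window: a mistyped password is noise, five failures in eight seconds from one address is not. A production SIEM does the same counting across many sources at once and correlates it with other signals (new geography, unusual hour, a new device) before escalating.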
Network detection and response (NDR) is similar, but is more focused on network traffic analysis (NTA), detecting anomalies and providing more granular data on security events that raise suspicion.
An NDR will help a business increase their total visibility into their network profile, offering a more extensive approach to threat detection than a SIEM solution alone.
Examples of providers for these solutions: Qualys (vulnerability scanning), Perch (SIEM and NDR)
We hope that by reading this blog post you now have a greater understanding of what a comprehensive cybersecurity tech security stack looks like for a modern business.
At Impact, we always recommend a multi-layered approach to business security that covers all your bases.
It’s unfortunately no longer the case that a simple firewall—or any one solution for that matter—will be sufficient for any organization in 2021.
In order to protect yourself to the fullest degree and avoid costly data breaches, consider having an expert audit your business’ cybersecurity and then build a strategy to address your weaknesses with the solutions we’ve looked at today.