For financial institutions, keeping an ever-stronger security posture has become a necessity, but the technologies that support web security change as rapidly as the threats. Even an institution that thinks it has solid web security tools and practices in place needs to periodically reassess them to keep pace.
Several core IT security controls must be included in any robust solution to provide multi-layered security. Having multiple layers of security is more important than ever because no single security tool is effective against most threats.
UNIFIED THREAT MANAGEMENT
UTM technologies bundle several security capabilities into a single network-based device to protect both web servers and web client devices. UTM capabilities include firewalling, intrusion detection and prevention, virtual private networks, anti-malware and web content filtering. These functions are all critical for any modern IT environment, and bundling them into a single device can deliver greater performance and lower costs. Examples of UTM technologies include Palo Alto Networks’ PA-5000 series, Cisco Systems’ Adaptive Security Appliance and Fortinet’s Unified Threat Management solution.
ENDPOINT SECURITY
Endpoint security solutions are similar to UTM technologies in that they bundle multiple security capabilities into a single product, but they are software-based and are targeted toward user devices, such as desktop and notebook computers, smartphones and tablets. Symantec Endpoint Protection, Trend Micro Enterprise Security for Endpoints and McAfee Total Protection for Endpoint are examples of products in this space.
Typical capabilities offered by endpoint security solutions include anti-malware functions, firewalling, and intrusion detection and prevention. Because they are host-based, not network-based, endpoint security solutions travel with the device, so they can protect it from threats no matter where the device may be used, including external environments that do not provide network-based security controls. Keeping web client devices “clean” of malware and other forms of attack is key to reducing web server and application compromises that result from attackers leveraging user access.
WEB AND EMAIL SECURITY
Dedicated devices or server add-ons can examine web and email traffic for suspicious or malicious content and handle this traffic appropriately. It may not be immediately obvious that email security is necessary for web security, but many of the attacks that involve malicious web activity are initiated through malicious emails. Examples of email security gateways are Cisco’s Email Security Appliance, Proofpoint’s Enterprise Protection and McAfee’s Email Protection. Web security gateways include Cisco’s Web Security Appliance and McAfee’s Web Gateway.
ENCRYPTION OF DATA AT REST
Most financial institutions are well aware of the need to encrypt sensitive data in transit over unprotected networks, but it is increasingly important to encrypt sensitive data at rest (on storage) as well. Banks and credit unions have a wide variety of enterprise storage encryption products to choose from. While they all provide the same basic encryption and key management functionality, these tools support encryption of different kinds of storage. Some products support endpoint encryption only (for example, hard drives or removable media), while others also support encryption on file shares, cloud storage and other network-accessible locations. Examples of products that possess this functionality include Sophos SafeGuard Enterprise Encryption, the Symantec Encryption family, RSA Data Protection Manager and McAfee Complete Data Protection (for endpoints only).
ENTERPRISE AUTHENTICATION
Vendors such as RSA and 2FA provide a variety of software and hardware-based products for enterprise authentication services. These services support web security because they enable the use of diverse authentication methods, including multifactor authentication with cryptographic tokens, smart cards and biometrics. Using multifactor authentication greatly reduces the chances that an attacker can steal a legitimate user’s credentials and reuse them. Some enterprises choose to use multifactor authentication for administrators only, while others have moved toward multifactor authentication for all internal users.