There are countless IT security and support solutions available on the market for businesses nowadays, and if you’re not in the techy know, it can be tough making sense of them all.
Hopefully we all know that you can’t just slap a firewall on a network and immediately consider that network 100% secure. That you can’t just invest in antivirus software and immediately consider yourself immune from malware. And that you can’t just invest in managed IT support and think that you’re shielded from anything bad happening to your tech. So, what gives?
Across our family of brands, we provide a whole raft of products and services, so just how do these offerings interact with each other? Let’s put the puzzle together.
Wait… this is a long list – are you saying an organisation needs all of these things? Absolutely not!
There are a few non-negotiables like endpoint protection with Lima Charlie or Huntress, firewalling, and cyber awareness training, sure. But beyond that, each business needs to consider its own unique risk factors, alongside its relationship with tech, and choose which solutions are going to address their most present security concerns and priorities.
Carrying out a risk assessment like this isn’t always the easiest thing to do if you aren’t au fait with the latest threats, malware, and scams, so we’re always here to help.
What Does a Firewall Do?
A firewall is installed at the point where the physical internal network meets an untrusted external network like the open internet. The firewall’s job is to inspect the traffic coming into the network, ensuring that dangerous traffic like malware, dodgy links, or known threat vectors don’t make their way inside. Modern firewalls can also inspect outgoing traffic to make sure that malware isn’t being spread, and to stop sensitive data from being shared or leaked from the network.
Firewalls generally sit at the gateway between networks, so you sometimes see terms like “gateway protection” relating to firewalls.
What Does a Firewall Not Do?
A firewall is concerned with network security, and as such, it’s unlikely to have much direct control over the security of individual user devices (“endpoints”). It merely stops nasties from reaching your endpoints, so if someone brings a piece of malware into your infrastructure on a USB pen drive, it’s unlikely that the firewall will be able to stop it – that’s more a job for an endpoint protection solution.
Social engineering attacks can also get around a firewall. When a hacker puts psychological pressure on someone to do their bidding, the victim may feel inclined to share some kind of heightened internal access or information. Depending on the criminal’s demands, there are a number of tools that may keep you secure here, but the most important would be cybersecurity training.
How Firewalling Fits in the IT Jigsaw Puzzle
A modern, business firewall is a network security “must have” for most organisations. It sits at the gateway to the network, keeping threats from entering or leaving, much like a castle gatekeeper or nightclub bouncer.
Next generation firewalls provide a whole host of services that keep your infrastructure secure at the network level, but they generally only provide limited oversight into individual user devices. Which leads us nicely on to…
What Does Endpoint Protection Do?
Endpoint protection is the newer, more advanced version of what might otherwise be called “antivirus” or “antimalware” tools. But endpoint protection software does much more than scanning for, detecting, and removing known viruses. Many endpoint protection tools can monitor a device’s behaviour under the surface, potentially unearthing evasive persistent threats and as-yet-unfixed (or unknown) zero-day vulnerabilities.
Many endpoint protection tools also provide a network-wide view of threats and irregularities, giving essential insight into how nasties move from device to device across a network. This central “control room” functionality can also allow admins to quarantine an infected device (using port blocking) without having to manually unplug anything.
Endpoint protection can also include data loss prevention, preventing internal threats from squirrelling away sensitive data on a USB pen drive or by email.
What Does Endpoint Protection Not Do?
Endpoint protection is all about a network’s devices. Think about it this way. There are effectively two ways for a criminal to enter a network: the “main entrance” (where the network meets the internet), or through an unlucky individual’s device. Therefore, both firewalls and endpoint protection respectively are needed to defend both possible methods of ingress.
Both a firewall and an endpoint protection tool may give you some insight into how devices are connected and talking to each other, but their jobs are fundamentally different. In short, firewalls secure the network, endpoint protection secures the devices.
How Endpoint Protection Fits in the IT Jigsaw Puzzle
Much like the antivirus solutions of yore, it’s essential for all businesses to secure their endpoints using some form of endpoint protection. If you’re a small business, this needn’t break the bank.
Having both a network-wide endpoint protection service and a firewall is an ideal option. Depending on the solutions you choose, there may be a smidgen of functional overlap, but more security is always better than less.
Cybersecurity Awareness Training
What Does Cybersecurity Awareness Training Do?
Cybersecurity awareness training does exactly what it says “on the tin.” It’s staff training that helps your teams stay wise to the cyber threats out there and provides actionable strategies to keep them, and the whole organisation, safe online. This can be presented as in-person workshops, online webinars, or on-demand online training resources.
It’s essential for organisations of all kinds to invest in technical security solutions, but a worryingly high number of attacks involve social engineering. Why? Because humans are fallible. And by leaning on social and psychological cues, criminals can better sidestep or subvert technical security controls.
So how bad is social engineering? 83% of identified cyberattacks suffered by UK businesses came about due to phishing (Source: DCMS). And 82% of breaches identified by Verizon involved a human element, including social engineering, deliberate misuse, or good old fashioned human error (Source: Verizon). So, yeah, it’s pretty bad.
What Does Cybersecurity Awareness Training Not Do?
Though cybersecurity training can include guidance on how to operate user-facing tools like multi-factor authentication, it doesn’t teach your wider teams how to operate your firewall or manage your security tools in any way. Privileged information like that needs to stay under wraps.
Offering cybersecurity training is also not an excuse to blame your team should a cyber incident come your way. We encourage a no-blame culture, where those who make honest cyber mistakes (and show genuine remorse) are merely earmarked for further training.
Understandably, cyber training doesn’t render you immune from humans being humans. People slip up, they absentmindedly click things, and go along with social pressures. And worse – criminals are always finding new and scary ways to press our mental buttons. The only solution is to embed good cybersecurity behaviours until they become habit – and then reinforce those habits through further training.
How Cybersecurity Awareness Training Fits into the IT Jigsaw Puzzle
Cyber awareness training can play a large role in your security strategy, but it shouldn’t replace investment in firewalling, endpoint security, or any other security tools. On the contrary, training complements them. Cyber training is simply there to make your team as well-equipped as possible in the face of the current barrage of cyber threats and social engineering attempts we all face every day, and can help keep them safe when they’re off the clock, too.
Managed Detection & Response (MDR)
What Does MDR Do?
Managed detection and response provides a further, human-powered layer of endpoint defence, complementing any antivirus or endpoint protection you might already have. It uses a number of clever tactics to uncover hidden vulnerabilities and persistence mechanisms that might be lurking just below the surface.
However, what sets it apart is that once the software uncovers an active threat, it notifies a human threat hunting team who aid the user in remediating and removing the problem. It’s like having your own security resolution team, but at nowhere near the cost.
What Does MDR Not Do?
MDR is all about endpoint protection and putting things right when threats come your way. You’re unlikely to get an MDR service’s threat hunters talking to you about how to configure your network or what other tech tools to use, and they’re certainly not there for general tech support.
Yet for a service that gets so involved when something goes wrong, it’s worth being aware of how non-invasive MDR tools are. They usually just sit in the background, not taking up much in the way of resources at all.
How it fits in the IT Jigsaw Puzzle
MDR tools are a complement to any existing endpoint defences you have in place. If you can afford the extra outlay, we would highly recommend MDR services to most organisations – from sole operators, to non-profits, to multinationals.
On the whole, MDR is less of a “must have” than general endpoint protection, firewalling, and cyber training. Though we’d argue that MDR might come a close fourth depending on your organisation’s risk profile.
Multi-Factor Authentication (MFA)
What Does MFA Do?
Multi-factor authentication effectively makes it harder for attackers to access accounts that you need to log in to. We’re all familiar with single-factor authentication, where you enter a username (to tell the service who you are) and a password (which verifies your identity, making it an “authentication factor”).
However, passwords sometimes get leaked and can easily be phished for, making “username and password” logins far less secure than you might think. However, MFA adds extra steps in the authentication process, so users have to further prove their identity with more than just an easily guessable or obtainable password. These steps may involve entering a number generated by an authentication app; sending a text with a verification link or code; or through a piece of hardware that you control.
MFA tools can help you employ multiple authentication factors on a single login, each making the account more secure than the last. Basically, MFA makes sure that when you log in, the person logging in is really you. MFA tools can also help you implement totally passwordless authentication, so there are no passwords to phish for at all!
What Does MFA Not Do?
MFA is purely about authenticating user logins with the aim of protecting the data held within those accounts. It won’t keep you safe from viruses or hacks, it’s merely there to authenticate you as a user, making unauthorised access far less probable – even if the criminal does get hold of your password.
How MFA Fits in the IT Jigsaw Puzzle
MFA won’t keep you safe from online harms, but it does make a password hacker’s job more difficult. Even if they do manage to crack your password, they will still have to correctly carry out any additional authentication steps. Good password policies should prevent them from even getting this far, but each authentication factor keeps them further away from your sensitive data.
Hackers are starting to get wise to authentication factors like codes and texts and sometimes try to phish for them. Never share any authentication codes with anyone other than your software’s official login screen!
Managed IT Services
What Do Managed IT Services Do?
Managed IT services basically serve the function of an outsourced IT department. Managed service providers (MSPs) differ when it comes to IT specialisms, but you can reasonably expect an MSP to be responsible for maintaining your business’s PCs and IT processes; ensuring that your network infrastructure is fit for its intended purpose; minimising cyber risks and general IT outages; and being on hand for when IT hiccups do occur.
The core benefit of using managed services is that you get the expertise of a team of IT boffins without all of the expense and risk of employing people in-house. You simply pay for the support you require.
What Do Managed IT Services Not Do?
Whatever isn’t in your mutual SLA (service level agreement)! Before any MSP starts work with an organisation, both parties will generally agree to an SLA, wherein the MSP details all of the support and services they will provide. Be sure to read this document carefully so you understand where the MSP’s remit lies.
How Managed Service Providers Fit in the IT Jigsaw Puzzle
Managed services are there to make sure all of your SLA-covered tech is ticking over nicely, and usually to provide tech support when problems arise, just like an internal IT department would.
Most MSPs would be able to help you manage most of the other solutions in this list, possibly providing managed IT security services too (effectively making them an “MSSP”, or a “managed security service provider”).
MSPs are especially useful to small-to-medium organisations who may not have the resources to employ full-time IT personnel in-house, but managed services can be beneficial to organisations of all types and sizes.
Still unsure about the whys and wherefores of the tech you need? Maybe you’re considering something that isn’t on this list, like an IPS or a DNS Filter? Ponder no more! Simply book a call back from our friendly band of experts who will happily recommend solutions tailored to your needs.