Cybercriminals are increasingly focused on specific segments. Attackers are looking for the sensitive data that will financially benefit them the most. Law firms often have information on confidential business dealings, personal matters and other situations that attackers could leverage to steal intellectual property and blackmail individuals.
To counter today’s threats, law firms need to increase their efforts to protect their data and systems with solid web security tools and practices. Several core IT security controls must be included in any robust solution to provide multilayered web security — no single tool is effective against most threats.
UTM technologies bundle several security capabilities into a single network-based device to protect both web servers and web client devices. UTM capabilities include firewalling, intrusion detection and prevention, virtual private networks (VPNs), anti-malware and web content filtering. These functions are all critical for any modern IT environment, and by bundling them into a single device, greater performance and lower costs can be achieved. Examples of UTM technologies include Palo Alto’s PA-5000 series, Cisco Systems’ Adaptive Security Appliance and Fortinet’s Unified Threat Management solution.
These solutions are similar to UTM technologies in that they bundle multiple security capabilities into a single product, but endpoint security solutions are software-based and are targeted toward user devices, such as desktop and notebook computers, smartphones and tablets. Symantec Endpoint Protection, Trend Micro Enterprise Security for Endpoints and McAfee Total Protection for Endpoint are examples of products in this space.
Typical capabilities offered by endpoint security solutions include anti-malware functions, firewalling, and intrusion detection and prevention. Because they are host-based, not network-based, endpoint security solutions travel with the device, so they can protect it from threats no matter where the device may be used, including external environments that do not provide network-based security controls. Keeping web client devices “clean” of malware and other forms of attack is key to reducing web server and application compromises caused by leveraging user access.
Dedicated devices or server add-ons can examine web and email traffic for suspicious or malicious content and handle this traffic appropriately. It may not be immediately obvious that email security is necessary for web security, but many of the attacks that involve malicious web activity are initiated through malicious emails. Examples of email security gateways are Cisco’s Email Security Appliance, Proofpoint’s Enterprise Protection and McAfee’s Email Protection. Web security gateways include Cisco’s Web Security Appliance and McAfee’s Web Gateway.
Most law firms are well aware of the need to encrypt sensitive data in transit over unprotected networks, but it is increasingly important to encrypt sensitive data at rest (on storage) as well. Firms have a wide variety of enterprise storage encryption products to choose from. While they all provide the same basic encryption and key management functionality, these tools support encryption of different kinds of storage. Some products support endpoint encryption only (for example, hard drives or removable media), while others also support encryption on file shares, cloud storage and other network-accessible locations. Examples of products that possess this functionality include Sophos SafeGuard Enterprise Encryption, the Symantec Encryption family, RSA Data Protection Manager and McAfee Complete Data Protection (for endpoints only).
Vendors such as RSA and 2FA provide a variety of software- and hardware-based products for enterprise authentication services. These services support web security because they enable the use of diverse authentication methods, including multifactor authentication with cryptographic tokens, smart cards and biometrics. Using multifactor authentication greatly reduces the chances that an attacker can steal a legitimate user’s credentials and reuse them. Some enterprises choose to use multifactor authentication for administrators only, while others have moved toward multifactor authentication for all internal users.
For more information on avoiding data breaches, read the white paper “Cybersecurity for Law Firms.”