Mar 12 2020

Cybersecurity Needs a Layered Approach to Stay Ahead of Attackers

No single tool can do it all, so integrating multiple solutions enables proactive security.

By all rights, Harrison Lewis should feel good about Northgate Gonzalez Markets’ cybersecurity posture. The CIO and chief privacy officer has deployed multiple network security tools and gets routine independent audits.

Nevertheless, Lewis remains vigilant. When data breaches or ransomware infections hit the news, Lewis uses them as teachable moments to remind employees of the importance of good security hygiene and meets with his IT team to make sure it’s prepared for similar attacks.

“When an incident occurs, we play it out in our environment by asking ourselves, ‘If we encountered that, how would we have handled it?’” Lewis says. “We go through scenarios, and that helps us identify other opportunities to harden our defenses.”

As threats evolve, more businesses realize that even with good security technology and policies in place, they’re still vulnerable.

Perhaps the best defense is a good offense. A preemptive strategy like the one taken by the Anaheim, Calif.-based grocery chain starts with asset discovery to assess the devices and data in need of protection, says Ovum senior analyst Eric Parizo. Businesses should then perform a risk assessment to understand their vulnerabilities, determine what attackers would value and locate weak spots.

“With cybersecurity, whether it’s small companies or Fortune 500 companies, there is no one single recipe for success,” Parizo says. “Every organization will have a unique set of risks. Because of that, every organization has to start with developing a holistic understanding of its own risks, and that will dictate which technologies and services are appropriate for their security.”

Yet even as each situation is unique, most companies will want to deploy endpoint security, next-generation firewalls and multifactor authentication, he says.

Cloud Demands Security Focus

Lewis and his IT staff recently reviewed Northgate Gonzalez Markets’ security architecture as it shut down its two data centers and migrated its virtual servers and storage to the Google Cloud Platform. With the IT infrastructure in the cloud, network security is more critical than ever, Lewis says.

With 42 locations in Southern California, the grocery chain, which specializes in Hispanic foods, relies on the network for credit and debit card transactions and Voice over IP calls. Its 7,000 employees also use it to access business applications, such as accounting, finance, warehousing, merchandising and transportation software, in Google Cloud.

“Without the network, we lose services,” Lewis says.

The company previously deployed VMware’s VeloCloud software-defined WAN technology to connect its stores, distribution center and corporate headquarters.

To safeguard the network, the IT team relies on multiple cloud-based security tools, including Zscaler Internet Access, a web-based content filter that inspects network traffic and blocks users from accessing unauthorized or malicious websites, and Mimecast, an email security gateway that encrypts emails and blocks ransomware, malware and phishing attempts.

Lewis also deploys next-generation endpoint security software from CrowdStrike and subscribes to its threat intelligence service, which alerts the IT staff to emerging threats in real time.


Zscaler Private Access, a cloud-based VPN, ensures that Northgate Gonzalez Markets’ employees and suppliers connect their laptops and other devices to the network through a secure, encrypted tunnel.

“The tools slightly overlap in some features, but together they ensure that we have no security gaps,” Lewis says.

Additional security measures include continuing employee education, disabling administrative rights so users can’t install their own software and deleting unnecessary data from storage.

“Data is either an asset or a liability, and any information that is valuable to someone else is a threat to the organization,” he says.

Lewis also hired a third-party threat-hunting service that monitors the network 24/7, analyzes the logs from the network security tools and mitigates threats when they arise, he says. To guard against supply chain threats, he uses a security ratings service that analyzes the posture of Northgate’s third-party vendors and Northgate’s own network and provides a security score, much like a credit score for consumers.

Finally, twice a year, an independent auditor assesses the company’s security posture and recommends areas for improvement. “It’s an opportunity for us to test all the solutions we have in place,” he says.

In Washington state, Olympia Federal Savings likewise takes a multilayered approach to network security, but key to its strategy are three technologies and services: next-generation firewall protection, a network appliance and a managed service provider for intrusion detection and prevention services.

$150 per record lost or stolen

The average cost to companies that suffer data breaches.

Source: The Ponemon Institute, “2019 Cost of a Data Breach Report,” July 23, 2019

The Value of Multiple Security Partners

“There’s a benefit to having multiple vendors and different technology and sources of threat intelligence,” says Mike Bowen, the bank’s vice president and senior technology officer. “This kind of strategy provides multiple lines of defense to prevent data breaches.”

The eight-branch bank, known as OlyFed, must secure a data center with up to 100 virtual servers that house customer information.

The bank standardized on the PA-800 Series next-generation firewall by Palo Alto Networks, which provides multiple security features, including intrusion prevention, web content filtering and malware protection. It also subscribes to Palo Alto Networks’ WildFire service, which updates the firewall regularly with the latest threat protection.

The FireEye Network Security appliance analyzes suspicious network traffic and blocks malware. “It’s essentially anti-malware and anti-virus at the network level,” Bowen says. “It constantly scans the network, looking for any kind of malicious traffic that’s made it past the initial security layers.”

So far, the strategy has worked. The bank has not suffered any major cybersecurity incidents.

“A key component of our customer service commitment is keeping our customer information secure,” Bowen says.


Businesses Need a Layered Defense

Heartland Dental, which provides administrative support to more than 1,000 dental practices across 37 states, also combats cyberattacks with multiple layers of protection.

In each office, Heartland Dental installs and remotely manages computers, a server, practice management software, a network, Wi-Fi and a phone system. To shore up security, Ross Petty, senior IT security engineer, deploys endpoint anti-virus software, multifactor authentication, removal of local administrative rights and Microsoft Windows patching.

The company uses several Fortinet security products in each office and at its Effingham, Ill., corporate headquarters. Those include FortiGate 60E next-generation firewalls and the FortiSandbox appliance, which uses artificial intelligence to detect malware and suspicious code and safely isolates them for evaluation.

“With our Fortinet devices, files go east and west across the network,” Petty says. “They can submit files or websites into our sandbox and detonate them to see if they are malicious. This way, we can get ahead of zero-day attacks.”

The company, which manages about 1,500 virtual machines in its data center and over 20,000 workstations across its customers’ offices, also deployed FortiAnalyzer, which correlates the logs from the FortiGate tools, providing greater network visibility.

More recently, Petty installed open-source security information and event management software, a central dashboard that aggregates the logs from the company’s security tools and IT infrastructure. It provides Heartland Dental with full visibility into the company’s threat posture, uses machine learning anomaly detection to uncover threats and sends alerts to the IT staff.

Heartland Dental has written scripts to automatically remediate threats. For example, if a scan discovers a computer has a virus, the tool can cordon the computer off from the network, so it doesn’t affect other devices.

“It’s one central place, so we can automate our response,” Petty says.
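The aggregate-correlate-isolate workflow Petty describes, written as an added Python example (not Heartland Dental's scripts or any SIEM's API): alerts from several tools are grouped per host, and only hosts meeting a policy are queued for network isolation, with servers escalated to a person instead. The alert records, hostnames, the `srv-` naming convention and the `isolate_host` placeholder are all constructed for illustration.

```python
# Added example: SIEM-style auto-remediation decision. Alert lines, host names
# and the isolation call are constructed; nothing here is a vendor API.
import json
from collections import defaultdict

# Constructed alert export: one JSON object per line, as a SIEM might emit.
SAMPLE_ALERTS = """\
{"ts":"2020-03-12T09:01:00Z","source":"endpoint_av","host":"ws-0417","severity":"high","event":"malware_detected"}
{"ts":"2020-03-12T09:01:30Z","source":"sandbox","host":"ws-0417","severity":"high","event":"file_verdict_malicious"}
{"ts":"2020-03-12T09:02:00Z","source":"ngfw","host":"ws-0231","severity":"low","event":"url_blocked"}
{"ts":"2020-03-12T09:03:00Z","source":"endpoint_av","host":"srv-db-01","severity":"high","event":"malware_detected"}
{"ts":"2020-03-12T09:04:00Z","source":"anomaly","host":"ws-0882","severity":"medium","event":"unusual_smb_volume"}
"""

# Policy: auto-isolate a workstation on a high-severity detection, never a
# server (routed to a human instead), and act once per host, not per alert.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}
NO_AUTO_ISOLATE_PREFIXES = ("srv-",)  # assumption: servers are named srv-*

def parse_alerts(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def correlate(alerts):
    """Group alerts by host so one decision sees every tool's view of that machine."""
    by_host = defaultdict(list)
    for alert in alerts:
        by_host[alert["host"]].append(alert)
    return by_host

def decide(by_host, min_severity="high"):
    """Return (isolate, escalate) host lists according to the policy above."""
    isolate, escalate = [], []
    for host, host_alerts in sorted(by_host.items()):
        top = max(SEVERITY_RANK[a["severity"]] for a in host_alerts)
        if top < SEVERITY_RANK[min_severity]:
            continue
        if host.startswith(NO_AUTO_ISOLATE_PREFIXES):
            escalate.append(host)  # isolating a server can cause an outage
        else:
            isolate.append(host)
    return isolate, escalate

def isolate_host(host):
    """Placeholder for the real quarantine call (NAC/firewall/EDR); returns the action."""
    return {"action": "network_isolate", "host": host}

def run(text=SAMPLE_ALERTS):
    """End to end: parse, correlate, decide, and emit isolation actions plus escalations."""
    isolate, escalate = decide(correlate(parse_alerts(text)))
    return [isolate_host(h) for h in isolate], escalate
```

Lowering `min_severity` to `"medium"` also picks up the anomaly-detection host, which shows why the threshold and the server exclusion belong in policy rather than in the script body.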

Photography by John Davis/BizTech Magazine