Cyber Defense and the Importance of Active Monitoring

In general, business owners understand the need to implement basic information technology security defenses to protect their digital assets; however, what they may not know is that when used alone these basic defenses are no longer sufficient in creating the protection necessary for today’s threats. That’s not to say that firewalls, intrusion prevention systems and other network security devices don’t have a place in creating a secure environment. These defenses enable organizations to create an initial perimeter to guard against threats by allowing or denying traffic, providing secure network access and by detecting certain types of malware. What these defenses are incapable of doing, though, is identifying and blocking zero-day threats.

That said, it’s essential for most businesses to not only deploy basic defensive solutions but to also implement a combination of approaches that include more advanced solutions and continuous monitoring. One such approach is to incorporate machine-learning security tools into your company’s cyber defenses. Traditional antivirus programs are static and signature-based, which means they are only able to identify viruses that are known to the program by recognition of their signatures. These types of antivirus programs are limited in that they cannot mark zero-day threats as suspicious, leaving systems that use traditional antivirus programs open to attack by malware that can hide its signatures.

New antivirus programs, however, are non-signature based or machine-learning and actively search for suspicious behavior on a system. These types of programs are looking for malicious behavior and are configurable as to what characteristics and behavior count as suspicious, making them customizable for different industries and businesses. Additionally, when implemented, non-signature based antivirus programs can potentially identify malware that has already been lying on a system previously undetected.

In addition to implementing non-signature based antivirus programs, businesses should incorporate intrusion detection and log data management into their cyber defenses. Intrusion detection systems can help identify malicious activity and compliance violations on a network and potentially respond to any detected intrusions. Log management processes use a different means to detect suspicious behavior by generating, transmitting, analyzing, storing and archiving an information system’s log data.

To learn about Dunbar’s full suite of cyber solutions and how they can protect your business’s network visit