CYBER PATROL

Identity and access management (IAM) is a strategy for controlling how users and machines can access private resources. IAM systems assign users unique digital identities and permissions based on their individual roles and needs. By using IAM, administrators can grant access to the resources that users need to do their jobs and safeguard sensitive data and tools.

Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are network security tools that scan for malicious activity. IDS is primarily for listening and reporting, while IPS is capable of blocking and remediating threats. Both technologies have been around for decades but remain in high demand.

Malware is a type of software for accessing, disrupting or damaging computer systems. There are several types of malware in the wild including infostealers, trojans, viruses, spyware and rootkits, among others. Malware can spread in a variety of ways including email attachments, links, cloud environments and physical devices. In a recent SpyCloud report, nearly 100 percent of surveyed organizations said they are concerned about malware contributing to follow-on attacks like ransomware, which blocks access to systems or data.

Multi-factor authentication (MFA), or two-step verification, is an authentication strategy that requires a user to submit two or more credentials before receiving access to a private account. For example, MFA may require a user to submit a password, security question or an SMS code when logging into an application or device. All organizations should use MFA to protect devices and accounts from unauthorized users.

Next-generation firewalls (NGFWs) are more advanced than traditional firewalls and can inspect traffic up to the application layer (L7). NGFWs offer advanced protection through deep packet inspection, intrusion detection and malware detection and provide the ability to control traffic based on specific applications.
However, they typically cost more than traditional systems.

SaaS monitoring and management involves monitoring and tracking all software-as-a-service (SaaS) applications within an organization. SaaS tracking is becoming more important as organizations continue to go through digital transformation and invest in software. Monitoring and reporting reduces data sprawl, prevents breaches and lowers costs.

Security and information event monitoring (SIEM) platforms enable businesses to automatically detect and respond to security threats. SIEM platforms collect log data in real time from distributed endpoints, analyze the information and take action when they detect harmful activity. For example, a company can use SIEM to detect a suspicious login and automatically suspend service to prevent an account takeover or data theft. The key difference between SIEM and IDS is that SIEM enables users to take action against cyberthreats, while IDS is only for detecting and reporting.

Shadow data refers to any data that exists on a corporate network outside of the visibility and control of IT. For example, a user might store sensitive data on a private USB device, leaving it vulnerable to theft or modification. According to IBM’s 2024 Cost of a Data Breach Report, one in three breaches involve shadow data.

Social engineering is a tactic that threat actors use to manipulate employees into surrendering account credentials, trade secrets and financial information. It’s typically much easier for a threat actor to send a phishing email or targeted text message than to break through a protected network, which makes social engineering a popular strategy for cybercriminals.

Vulnerability management is the process of identifying, reporting and fixing weaknesses and misconfigurations across software and systems. Up until recently, vulnerability management was a mostly manual and time-consuming process.
But now, companies are automating the process to streamline security workflows and improve accuracy and reporting.

Zero trust is a framework that treats all internal and external identities as potential security risks. A zero-trust framework requires all users to be authorized and authenticated before accessing data and applications. Cybersecurity vendors typically sell technologies that align with zero trust principles, with some common examples including IAM, MFA, EDR and SIEM. Zero trust can apply to devices, data, networks, workloads and users.

Source: CompTIA

Cybersecurity Changes in the Past Year
Source: CompTIA

Higher priority on determining proper response to incidents: 45%
Greater focus on process improvement: 40%
More diverse set of technology tools: 36%
Greater focus on employee education: 35%
Exploration/implementation of cybersecurity insurance: 33%
Creation of dedicated cybersecurity resources/team: 33%
Use of new metric to track success of security efforts: 33%
Greater use of third parties for cybersecurity strategy: 32%
Shift to proactive assessment/evaluation measures: 31%

I am most likely to rely on guidance from a technology advisor when...
Source: Telarus
Series: Mid Market, Enterprise

I am making a technology decision in a category with which I have less
There are MANY competing technology solutions in the space and I need to use the process of elimination for selection
I have a strong existing advisor relationship I know I can trust
I do not have an existing supplier relationship in the category
The technology need is being driven by regulatory compliance

Values as printed: 68% 44% 37% 34% 19% 46% 14% 52% 32% 56%

28 CHANNELVISION | SEPTEMBER - OCTOBER 2024