Securing a business network has become more challenging over the years as the threats to a small business has increased. Small businesses used to think that hackers were not interested in their data, so it is not as important for a small company to invest in network security. The opposite is actually true, that small companies are a big target for hackers because they have money, assets and computing power that they want to exploit. Even a small network of a few computers is a target for hackers, due to the fact that they can automate their hacking to achieve penetration into as many networks as possible.
We discuss in detail in our 7 part video series on network security that having a layered approach to network security is essential. One device, software or system cannot protect your computers from all threats. Different vendors and products have different abilities to protect your systems. The proper implementation is essential. This includes anti-virus on PCs, servers and e-mail, anti-spam on e-mail, firewall, intrusion prevention systems, content filtering and employee training.
Unified Threat Management
One of the best innovations over the last several years is unified threat management (UTM), built into the firewall/router. UTM adds increased security into the firewall to perform several functions, including anti-virus protection, intrusion prevention services and content filtering. These services used to require separate high-end devices to process the data, but computing power has increased, allowing one device to perform all these services.
Gateway Anti-Virus Protection
All PCs, servers and other devices on a network should have local anti-virus installed. It is better, though, to scan for potential viruses before they enter a network; therefore, adding anti-virus protection to the router decreases the possibility of getting a virus or malware on a PC or server. The UTM firewall will scan all unencrypted data passing through it and block anything that matches the signature of a virus. This isn't complete protection because the firewall cannot read encrypted data (ie: if you visit a HTTPS website or receive an encrypted document), but it adds a good layer of protection against many threats.
Hackers are constantly scanning the Internet for servers, workstations, or other devices. For example, a security professional recently published a site with a database of publicly viewable workstations, camera systems and other devices that are not protected. You definitely do not want to be on a list like this. An Intrusion Prevention System (IPS) monitors all the data going in and out of the network and detects attempts to attack or gain access to your network. It will automatically block attacks, preventing unauthorized connections to your network.
Ever wondered if your employees are being productive with their Internet usage? Do you want to block social media sites, shopping and other productivity wasting sites on your network. Do you want to make sure that employees are not going to sites that may be hacked or contain viruses. That is the purpose of content filtering. It allows you to control which websites your employees can go to and protect your network from sites that can do harm. It can also log web access and generate reporting so you can make decisions on the productivity of your staff.
An Essential Piece of the Puzzle
UTM firewalls are not a single solution, but an essential layer in the puzzle of prevention of attacks. We have found that networks that are protected by UTM firewalls, along with strong anti-virus, anti-malware, anti-spam and good local network security are not affected by the current threats. These networks do not have extensive downtime, lost data or low employee productivity caused by the threats to their networks. Additionally, UTM firewalls have come down in price over the last several years. The investment in an UTM firewall far outweighs the cost of a security breach. They are essential to the security puzzle of a small business.