Layer 1:入端口阻塞
While country blocking was once a sufficient step in preventing potential attacks, bad actors have since found a way to circumvent simple country blocking techniques. 而国家封锁仍然是推荐的, 您的网络仍然非常容易受到蛮力攻击. Current best practices include blocking all incoming ports unless completely necessary and protected. 为了增加安全性,可进一步执行此操作, it is recommended to block internet access to critical internal resources to only inhouse machines, those physically located inside the security walls or connected over a secure VPN.
第二层:硬盘加密
对于许多企业来说,加密仍然是一种重要的防御方法, including those that are subject to HIPAA or other regulations that require it. 加密您的工作站和服务器硬盘驱动器, 您可以保护敏感数据,无论它在哪里, 包括缓存和应用程序数据. 或者至少你可以让它更难接近.
第三层:下一代端点保护和反恶意软件
Every endpoint in your business should be protected with the latest next generation endpoint protection and anti-malware software to defend against all forms of harmful software. Tools today leverage the power of artificial intelligence (AI) and are much more effective against ransomware threats. 最好的解决方案是阻止黑客入侵, 网络钓鱼, 间谍软件, 广告软件, 以及其他形式的实时攻击, preventing hackers from spreading themselves from endpoints to other computers across the business.
层4:托管补丁
It’s critical that you know when new security patches are announced for your operating systems and applications. 一个托管补丁解决方案, not only will you receive a notification but the patches can be installed immediately, 确保你在任何时候都能得到充分保护.
层5:多因素身份验证
多因素(MFA), 或双因素(2 fa), authentication is the new standard that helps ensure only authenticated and authorized users can access your business-critical applications. 使用合适的软件, MFA可以应用于任何业务应用程序, 所以使用者必须提供两个或更多的证据, 或因素, 访问敏感数据和应用程序. These solutions offer a level of protection once reserved for the enterprise space, 现在可在SMB预算价格.
第六层:电子邮件安全
防御通过电子邮件进入企业的许多攻击, it’s important to train employees to be on the lookout for 网络钓鱼 and other scams. 您还需要设置健壮的电子邮件安全解决方案, 包括设置详细的防火墙规则, 自动扫描所有内部邮件流量, and improving reporting so you always know which accounts have been compromised.
第7层:威胁感知备份和灾难恢复
Backing up your data is itself a form of business protection—but backups also need to be protected. 事实上,数据备份和 灾难恢复 solutions need to be at least as threat-protected and threat-aware as the rest of your business. 解决方案 are needed that provide full visibility into your backup process, 所以你可以马上检测到勒索软件感染. You might need a purpose-built backup system that abstracts the backup data, and you’ll definitely want to test your recovery process on a regular basis to make sure you can recover fast.
第八层:无线安全
Wi-Fi网络是黑客的一个有吸引力的目标, 而且要保护它们也很有挑战性, 特别是随着公司的发展. 全面的无线安全措施应该限制不必要的通信, 自动配置, 让你对你的网络有更深入和广泛的了解. It’s also important to maximize network performance even as you prevent unwanted traffic from entering the network.
第九层:移动设备安全
Imagine the damage if an employee’s (or former employee’s) smartphone or other mobile device is hacked and the data leaked to the public or the competition. 为了防止这样的情况发生, MDM (mobile device management)安全 需要添加到设备内置的基本安全之上. 加密, 访问限制, 远程管理, 其他功能可以帮助完全保护敏感信息.
第10层:自我和第三方审计
Your organization needs to have a regular rhythm of reviewing all internal systems for holes and best security practices. 无论是在内部还是与第三方合作, performing external and internal penetration testing ensures no gaps have occurred. 如果您有自定义代码,请检查其漏洞. Also included in this penetration testing is training and testing of your users. Even the most sophisticated software solutions can be vulnerable if users open the door to threat. 此外,要求用户使用所有的安全特性(i.e. MFA、SSO、端口阻塞等.)在你的SaaS解决方案中可用. 如果他们缺少核心安全特性, at a minimum you need to challenge them to improve their security offering.
获得您需要的安全解决方案
These ten layers of security are essential—but they’re only the beginning. Investing in a comprehensive portfolio of security services is a smart way to ensure you’re fully protected against the full range of existing and emerging threats. 了解更多关于 开发有效的安全意识程序.
现在是确保您的组织受到保护的最佳时机
Ensure your organization is protected by the widest variety of network security services, 标准IPS范围, URL过滤, 智能影音, 应用程序控制, 和反垃圾邮件, 用于对抗高级威胁的服务,如文件沙盒, 预防数据丢失, ransomware保护, 域名重定向, 和更多的.
