Cybersecurity spending grows each year — it reached $114 billion in 2018 and is forecasted to hit $170 billion by 2022 — but “losses due to data exfiltration, stolen IP, and ransomware are accelerating,” Steve Nicol, vice president of sales and marketing for Cigent, told Built In.
In other words, increased security spending doesn’t always make information more secure.
What accounts for this gap? Well, cybersecurity is complicated. Effective security systems have multiple layers, like an onion. Each layer mitigates a different type of threat and fits with the others to form an intricate barrier between hackers and sensitive data. This barrier is so intricate, though, that it can even bamboozle system administrators, preventing them from making the most of their security arsenal.
Top Cybersecurity Tools
- Fortinet’s FortiGate
- McAfee AntiVirus
- Carbon Black’s CB Defense
- Vircom’s modusCloud
- Cigent’s Bare Metal
- NewSoftwares.net’s Folder Lock
- Portswigger’s Burp Suite
- Rapid7’s Metasploit
- CrowdStrike’s FalconInsight EDR
Built In recently spoke with three cybersecurity professionals who demystified the tools of their trade. Besides Nicol and with the help of Women in Cybersecurity, two other experts — Rachel Busch, Cigent’s director of sales; and Deveeshree Nayak, an information security lecturer at the University of Washington at Tacoma — offered insights about the six key security layers as well as the field’s top hardware and software.
A firewall, Nayak said, is like a house door: an outer layer of security that determines what can enter your system. Her eminently sensible advice: “You want to keep your door closed. It protects you from danger.”
Firewall software, which comes preloaded on most Macs and PCs, shields individual devices from malware, viruses and other inappropriate content. Preset firewalls are typically pretty generic, though, so enterprises regularly use hardware firewalls as well. Hardware firewalls, a $6 billion industry, can often prevent inappropriate communications from coming and going because they take a holistic view of your network, Nicol said.
Fortinet’s FortiGate
Company location: Sunnyvale, Calif.
This constantly updated hardware firewall excels at what software firewalls do: blocking sketchy websites and malware downloads, and scanning even encrypted data for threats. (Some firewalls can’t scan encrypted data, even though it constitutes up to 90 percent of all the data devices receive.) FortiGate has technological capabilities far beyond that, too. Its AI-enabled software constantly monitors all the network’s active users and applications for threats, and it can recognize and block cutting-edge malware, even when it has never encountered it before.
Palo Alto Networks’s Next-Generation Firewalls
Company location: Santa Clara, Calif.
This company makes an eclectic array of network firewalls. Its hardware ranges from an enterprise-scale solution for large offices to a “ruggedized” device for harsh climates. To complement these, the company also offers virtual firewalls for Cloud-based environments. (Secure as hardware firewalls are, they can’t protect remote servers.) These virtualized firewall processors slip threat prevention into Cloud-based development and deployment pipelines, so that DevOps engineers can deploy quickly and frequently without compromising security.
Cisco’s Firepower-Equipped Next-Generation Firewalls
Company location: San Jose, Calif.
Cisco’s intrusion prevention software, Firepower, is integrated into its next-generation firewalls. Once activated, the software updates automatically every three to five minutes, staying abreast of the latest threats. Take WannaCry, the 2017 ransomware attack that locked more than 200,000 people out of their computers until they paid a ransom. Cisco engineers had created defenses against WannaCry months before it made national news. Firepower also comes in handy when an attack sneaks onto a network by helping enterprises scope and contain the impact.
For individuals, firewalls and antivirus software constitute the bare minimum of security. At an enterprise level, though, two security layers aren’t always enough. “Our clients have had those and still have been hacked,” Busch said.
If a firewall is the door to your house, Nayak said, antivirus software might be the door to your bedroom that protects you against threats already in your system by scanning existing files.
“They look for certain signatures of files to identify malware attacks,” Nicol said.
Symantec’s Norton Antivirus Plus
Company location: Mountain View, Calif.
The Norton family of antivirus software has more than 50 million users globally, many of them PC users. Though it has some Mac functionality, this antivirus works best in PC environments, where its machine learning algorithms autonomously identify and neutralize malware and misbehaving apps. Using an emulation protocol, the software even test-opens files on a virtual computer before opening them on users’ actual devices, which unearths hidden bugs. This sounds like it could slow operating systems, but the tests finish in milliseconds.
McAfee AntiVirus
Company location: Santa Clara, Calif.
McAfee has been a household name since the 1990s thanks to its popular antivirus software and its colorful founder. But while the man and his company have parted ways, the company continues to offer innovative protection (for PC devices) against ransomware, spyware and other threats. McAfee also bundles its antivirus software into multi-layer security packages for enterprises, which feature tools like endpoint detection and response software.
Bitdefender’s Antivirus Plus
Company location: Bucharest, Romania
Bitdefender’s premium antivirus software offers a grab bag of security features in one product. Besides protecting against ransomware and other malware (in Autopilot Mode, it handles these threats without user input), it offers a password wallet, a designated ultra-secure browser for online banking, and phishing protection. It also comes with 200 MB of VPN traffic per day, which lets users connect securely even on the most dubious public WiFi networks.
Endpoint Detection and Response (EDR) software
This souped-up software checks file signatures for signs of malignancy, but also monitors behavior. “A good EDR system can detect suspicious activity running on an endpoint,” said Nicol — whether that endpoint is a PC, a Mac or a server.
EDR is especially important, Busch explained, when a hacker has entered a system. For the hack to have serious impact, the hacker must be able to siphon information out of your network. But EDR software can essentially quarantine compromised devices, so no new intel can be sent or received. That cuts off hacks at the knees.
Even in less serious situations, EDR monitoring makes unusual activity visible to system administrators. That can be essential to flagging moles and much more. It’s pricey, though, so EDR is typically only used by major companies.
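The difference between the two detection models described above, signature matching on file content versus watching what a process does, is easier to see in code. The following is an added example written for this article, not code from any product it names; the signature database, the file bytes and the process events are all constructed. It shows why a never-before-seen binary slips past the signature check but is still caught by the behaviour rules.

```python
"""Signature-based vs. behaviour-based detection over a constructed trace.

Added illustration for the antivirus ("signatures of files") and EDR
("monitors behavior") passages above; it is not code from any product the
article names. The signature database, file bytes and process events are
all constructed for this example.
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass

# --- Signature-based detection (the antivirus model) -----------------------

# Constructed samples: one "known" malicious file and one never seen before.
SAMPLE_KNOWN = b"MZ\x90\x00drop-and-encrypt-everything"
SAMPLE_UNKNOWN = b"MZ\x90\x00freshly repacked, no known bytes"

# A signature database is a set of exact hashes plus byte patterns shared by a
# family. Real engines hold millions of entries; two are enough to show the idea.
KNOWN_BAD_HASHES = {
    hashlib.sha256(SAMPLE_KNOWN).hexdigest(): "Ransom.Constructed.A",
}
KNOWN_BAD_PATTERNS = {
    b"drop-and-encrypt-everything": "Ransom.Constructed.A",
    b"send all docs to smtp": "Stealer.Constructed.B",
}


def scan_file_bytes(data: bytes) -> list[str]:
    """Return the names of every signature that matches the file content."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_HASHES:
        hits.append(KNOWN_BAD_HASHES[digest])
    for pattern, name in KNOWN_BAD_PATTERNS.items():
        if pattern in data and name not in hits:
            hits.append(name)
    return hits


# --- Behaviour-based detection (the EDR model) -----------------------------

@dataclass(frozen=True)
class Event:
    ts: float      # seconds since the start of the constructed trace
    pid: int
    process: str   # image name of the process performing the action
    action: str    # "file_write" or "spawn"
    target: str    # path written, or child image name for "spawn"


OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def detect_behaviour(events, max_writes=20, window=10.0):
    """Flag processes by what they do, regardless of whether their binary is known.

    Two constructed rules: a process touching >= max_writes distinct files
    within `window` seconds (ransomware-like), and an Office application
    spawning a shell (macro-dropper-like). Returns sorted (process, rule) pairs.
    """
    alerts = set()
    writes = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "file_write":
            writes[ev.pid].append(ev)
            recent = {w.target for w in writes[ev.pid] if ev.ts - w.ts <= window}
            if len(recent) >= max_writes:
                alerts.add((ev.process, "mass_file_write"))
        elif ev.action == "spawn" and ev.process in OFFICE_APPS and ev.target in SHELLS:
            alerts.add((ev.process, "office_spawns_shell"))
    return sorted(alerts)


def build_trace():
    """Constructed endpoint activity: one noisy unknown binary, one benign
    backup job, and one Office process launching PowerShell."""
    events = [Event(0.1 * i, 4242, "invoice_viewer.exe", "file_write",
                    f"C:/Users/a/Documents/report{i}.docx.locked") for i in range(25)]
    events += [Event(5.0 + i, 900, "backup.exe", "file_write",
                     f"D:/backup/file{i}.bak") for i in range(5)]
    events.append(Event(30.0, 1200, "WINWORD.EXE", "spawn", "powershell.exe"))
    return events


if __name__ == "__main__":
    print("signature, known sample:  ", scan_file_bytes(SAMPLE_KNOWN))
    print("signature, unknown sample:", scan_file_bytes(SAMPLE_UNKNOWN))
    print("behaviour alerts:         ", detect_behaviour(build_trace()))
```

The thresholds (20 files in 10 seconds) are illustrative; in practice they are tuned per environment so that legitimate bulk writers such as backup agents stay below the line, which is why the benign `backup.exe` in the trace produces no alert.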
Carbon Black’s CB Defense
Company location: Waltham, Mass.
This EDR tool continuously scans enterprise networks, even tracking the activity of devices (or endpoints) while they’re offline. When its predictive models sense early signs of a threat, it tracks the problem to its source and highlights all the potentially affected endpoints along the way. The software also lets administrators isolate issues in several ways, for instance by sequestering specific computers or banning a problem app from the network. CB Defense comes with built-in antivirus, too, which means it can jump on attacks from hackers and malware alike.
CrowdStrike’s FalconInsight EDR
Company location: Sunnyvale, Calif.
This company’s FalconInsight EDR monitors network activity in real time, all the time. It stores activity data, too; within five seconds, administrators can use powerful search functionality to review the activity that occurred in a specific five-second window or over the course of an entire year. Administrators rarely need to run manual searches, though; this SaaS tool flags threats on its own and suggests targeted response solutions that contain and shut down intrusions. It’s also not prone to what CrowdStrike terms “silent failure,” which occurs when attackers lurk on a network for multiple days.
Sentinel One’s ActiveEDR
Company location: Mountain View, Calif.
Some EDR software prioritizes visibility (the displaying of all the threats across a network to centralized system administrators), but this software prioritizes speed. When it confronts a threat, it doesn’t merely upload data to the cloud on the threat’s exact dimensions and wait for a human to respond. Instead, it equips each individual device with decision-making AI. The trained algorithms investigate, document and ultimately neutralize threats. They then send rigorously contextualized incident reports to a central repository for human review. This outsourcing of threat-hunting to AI frees up security personnel to focus on outlier threats and macro-level patterns.
Phishing is all about persuading people to click on malicious links by promising that those links are benign — even important. It happens primarily through messaging platforms like email and chat apps, whose built-in spam filters block most generic phishing attempts from generous Nigerian princes and the like.
Targeted phishing attempts, though, can be harder to block. Generic spam is often sent out to thousands of people at once, while a targeted phishing email might be sent only to one user from an author posing as a trusted friend or institution.
“Some [cyberattacks] are so targeted, and they look so real,” Busch said.
For instance: “We see hackers now… go on your Facebook page and see this weekend you were at a children’s hospital event. They’ll buy a domain similar to that and say, hey, thank you so much for coming this weekend. Here’s a link to your receipt or pictures from the event or please sign up.”
Neutralizing that type of scam, which can trick even tech-savvy CEOs, requires special anti-phishing tools.
Vircom’s modusCloud
Company location: Montréal, Quebec, Canada
This Cloud-based, enterprise-level spam filter is a SaaS offering, which means no hardware and no update installation. Users simply sign up online for an array of email protection services, including domain-level email encryption and a backup inbox to use during server outages. One essential feature is an anti-phishing layer that’s designed to prevent personalized attacks. It scans emails for domain spoofing and checks link safety in real time.
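The two checks named above, spotting a spoofed or lookalike sender domain and verifying that a link points where it claims to, are worth seeing in concrete form. The following is an added example written for this article, not modusCloud’s code or any other vendor’s; the trusted-domain list, the sample message and its domains are all constructed. It folds common visual substitutions (digit-for-letter, “rn” for “m”) before comparing domains, measures edit distance against the allow-list, and flags links whose visible text names a different domain than their `href`.

```python
"""Lookalike-domain and link-mismatch checks for an inbound e-mail.

Added illustration of the anti-phishing checks described above ("scans emails
for domain spoofing and checks link safety"); it is not modusCloud's code or
any other vendor's. The trusted domains and the sample message are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list: domains the organisation actually corresponds with.
TRUSTED_DOMAINS = ("childrens-hospital.example", "example-bank.example")


def registrable(domain: str) -> str:
    """Crude registrable-domain cut (last two labels). Production code should
    use the Public Suffix List so that suffixes like co.uk are handled."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def normalize(domain: str) -> str:
    """Fold common visual substitutions (digit-for-letter, rn-for-m) to one form."""
    folded = domain.lower().replace("rn", "m").replace("vv", "w")
    return folded.translate(str.maketrans("0135", "oles"))


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; small values mean 'one typo away'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain: str, trusted=TRUSTED_DOMAINS, max_distance=2) -> str:
    """'trusted', 'lookalike:<trusted domain it imitates>', or 'unknown'."""
    reg = registrable(domain)
    if reg in trusted:
        return "trusted"
    labels = domain.lower().strip(".").split(".")
    for t in trusted:
        # Same name after homoglyph folding, or within a couple of edits of it.
        if levenshtein(normalize(reg), normalize(t)) <= max_distance:
            return f"lookalike:{t}"
        # Trusted brand used as a subdomain label of some other domain.
        if t.split(".")[0] in labels:
            return f"lookalike:{t}"
    return "unknown"


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


_DOMAIN_IN_TEXT = re.compile(r"[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}")


def analyse_message(from_addr: str, html_body: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    sender_domain = from_addr.rsplit("@", 1)[-1].strip(">")
    verdict = classify_domain(sender_domain)
    if verdict != "trusted":
        findings.append(f"sender domain {sender_domain}: {verdict}")

    parser = _LinkExtractor()
    parser.feed(html_body)
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        verdict = classify_domain(host)
        if verdict.startswith("lookalike"):
            findings.append(f"link to {host}: {verdict}")
        shown = _DOMAIN_IN_TEXT.search(text.lower())
        if shown and registrable(shown.group(0)) != registrable(host):
            findings.append(f"link text shows {shown.group(0)} but points to {host}")
    return findings


# Constructed message modelled on the scenario Busch describes above.
SAMPLE_FROM = "Children's Hospital Events <events@childrens-hospita1.example>"
SAMPLE_BODY = (
    "<p>Thank you so much for coming this weekend! "
    '<a href="https://childrens-hospita1.example/receipt">'
    "childrens-hospital.example/receipt</a></p>"
)

if __name__ == "__main__":
    for line in analyse_message(SAMPLE_FROM, SAMPLE_BODY):
        print(line)
```

The edit-distance threshold is deliberately small: two edits catch single-character swaps and dropped hyphens without flooding the queue with false positives, and the homoglyph folding runs on both sides so that a trusted domain containing “rn” is compared consistently.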
TrustedSec’s Ethical Phishing
Company location: Strongsville, Ohio
This information security consulting team assesses enterprise-level cybersecurity by running targeted phishing campaigns. Sort of. Rather than actually stealing or corrupting sensitive information, they track which employees click on risky links and attachments and assess the workforce’s overall security savvy. (In addition to email phishing, they also attempt network break-ins via phone call, SMS and personal encounters.) The company’s work helps clients check the effectiveness of their cybersecurity training and the robustness of their breach response protocols.
Encryption essentially encodes data, making it harder for outsiders to access. You’ve probably heard the term “plaintext” — that’s unencrypted data. Once encrypted, it becomes “ciphertext,” and users need a key to decode it. The key is typically a password, but it can also be a physical key or a fingerprint.
As Nicol explained, there are two main types of encryption: software encryption and hardware encryption. Software encryption is more selective, encrypting individual files and folders. Hardware encryption involves encrypting an entire device. As more and more enterprises move to the Cloud, however, hardware encryption has become less practical. The trade-off is that software encryption, while certainly better than nothing, is the weaker of the two; according to Nicol, “hardware [encryption] is far more difficult to hack.”
NewSoftwares.net’s Folder Lock
Company location: Beaverton, Ore.
Folder Lock software can encrypt files, but it can also “lock” them. Doing so hides files from the Windows operating system so users need a password to access and open them. On its own, the lock feature functions as snoop protection; it’s even stronger paired with encryption. On Folder Lock, users can encrypt and/or lock files, folders and entire drives; the software also allows for encrypted Cloud storage. In a way, its “shredding” feature functions as irreversible encryption. A kind of hyper-deleting tool, it keeps even forensics software from piecing a deleted file back together.
Apple’s latest MacBooks
Company location: Cupertino, Calif.
A prominent example of hardware encryption is TouchID-enabled MacBooks and MacBook Minis. First released in 2018, they contain hard drives that are encrypted by default and can be decrypted only via the owner’s fingerprint. At setup, Apple’s TouchID technology encrypts and stores users’ identifying biodata (read: fingerprint) in a T2 security chip (read: in designated security hardware). The chip is physically separated from the hard drive, which makes it virtually immune to malware. It’s even more secure when paired with encrypted hardware.
Cigent’s Bare Metal
Company location: Fort Myers, Fla.
Bare Metal was designed for the core paradox of encryption: People encrypt essential information rather than just deleting it, because they need to refer to it later. But when they refer to it, they have to decrypt it, leaving it vulnerable.
Bare Metal essentially functions as a lookout in these situations. If a threat is sensed, it locks down the important decrypted file and stashes it in the computer’s firmware. Once that happens, even discovering the sensitive file’s existence requires authentication.
Penetration testing software
Penetration testing software essentially tests all the security tools above. Does your security system have enough layers? Do those layers actually work? Penetration testing is often handled by human experts rather than software. But Nayak said some software also plays a key role in penetration testing, and can even run certain tests autonomously.
Portswigger’s Burp Suite
Company location: Knutsford, Cheshire, United Kingdom
Rapid7’s Metasploit
Company location: Boston, Mass.
Rapid7’s Metasploit does the tech equivalent of turning dirt into gold by transforming hacks into cybersecurity improvements. The software connects to a constantly updated database of “exploits,” or successful real-world hacks. Users can run automated simulations of any of these on their enterprise networks to see how their defenses respond to realistic threats that evade antivirus programs and spread aggressively. For IT teams, it’s good practice in containing breaches. It also helps them identify and prioritize network vulnerabilities.
Open Web Application Security Project’s ZAP
Company location: Bel Air, Md.
This free and open-source software scans web applications both passively and actively. The passive scanner monitors every request and response that’s sent to an app, in the process flagging suspicious messages. The active scanner conducts automated penetration testing, which attacks the app to test its reaction. That can be a complex process; users can, for instance, use a “fuzzing” feature to identify vulnerabilities too nuanced for an autonomous scan. But don’t be intimidated — the hundreds of volunteers who created ZAP designed it to work for cybersecurity newbies, too.
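Passive scanning, as described above, means inspecting the requests and responses an application already sends rather than sending it anything hostile, which is why it is safe to run against production traffic. The following is an added example written for this article, not ZAP’s code and not ZAP’s rule names; the two HTTP responses are constructed. It runs a handful of header and cookie checks over a weak response and over its hardened counterpart, so the second serves as the reference configuration.

```python
"""Passive checks over captured HTTP responses.

Added illustration of the passive-scanning idea described above (inspect what
the application already sends, without attacking it); it is not ZAP's code and
these are not ZAP's rule names. The two responses below are constructed.
"""
import re
from dataclasses import dataclass


@dataclass
class Response:
    url: str
    status: int
    headers: list  # (name, value) pairs, because Set-Cookie may repeat


def header_values(resp, name):
    """All values of a header, matched case-insensitively."""
    return [v for k, v in resp.headers if k.lower() == name.lower()]


def first_header(resp, name):
    values = header_values(resp, name)
    return values[0] if values else None


def passive_checks(resp):
    """Return findings for one response. Nothing is sent to the server."""
    findings = []
    over_tls = resp.url.lower().startswith("https://")

    if over_tls and first_header(resp, "Strict-Transport-Security") is None:
        findings.append("missing Strict-Transport-Security")

    csp = first_header(resp, "Content-Security-Policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    if first_header(resp, "X-Frame-Options") is None and "frame-ancestors" not in (csp or ""):
        findings.append("framable: no X-Frame-Options and no frame-ancestors directive")

    if (first_header(resp, "X-Content-Type-Options") or "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")

    # Cookie attributes: every Set-Cookie header is checked separately.
    for cookie in header_values(resp, "Set-Cookie"):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        if over_tls and "secure" not in attrs:
            findings.append(f"cookie {name} set without Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {name} set without HttpOnly")
        if "samesite" not in attrs:
            findings.append(f"cookie {name} set without SameSite")

    server = first_header(resp, "Server")
    if server and re.search(r"\d", server):
        findings.append(f"Server header discloses version: {server}")

    return findings


# Constructed responses: the same login page before and after hardening.
WEAK = Response("https://weak.example/login", 200, [
    ("Server", "nginx/1.18.0"),
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "session=c0n5tructed; Path=/"),
])

HARDENED = Response("https://hardened.example/login", 200, [
    ("Server", "nginx"),
    ("Content-Type", "text/html; charset=utf-8"),
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "session=c0n5tructed; Path=/; Secure; HttpOnly; SameSite=Lax"),
])


def scan(responses):
    """Map each URL to its findings, the shape a passive scanner reports in."""
    return {r.url: passive_checks(r) for r in responses}


if __name__ == "__main__":
    for url, found in scan([WEAK, HARDENED]).items():
        print(url, "->", found or "no findings")
```

Because these checks only read what was captured, they can run continuously on a proxy or on stored traffic; the active tests the paragraph mentions (fuzzing, injected payloads) belong in a separate, authorised testing window.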