Modern cybersecurity has gone through many iterations to effectively protect the data of users. As technology has improved, the security capabilities of devices have improved in tandem. The cybersecurity timeline can be broken into distinct generations made up of different security layers, with capabilities growing more robust each generation.
These generations illustrate how computer security has grown to encompass much more than just the bare minimum. Let’s break down the four generations of cybersecurity layers and explain what each generation added to the ones beforehand.
Generation 1 is made up of a Firewall, Antivirus, and Tape Backup system. These were the predominant cybersecurity measures taken by most businesses just 6-10 years ago. Some businesses STILL only have these layers in place. Threats were not nearly as prominent as they are today, and backup technology had a long way to go. Let’s review these layers in more detail.
At any given moment, hundreds of thousands of advanced cyber attackers are scanning the Internet for targets. A computer that connects directly to the Internet will get attacked within 15 seconds and dozens of times a second from then forward. The device that sits between your company’s computers and all those attacks is your network firewall.
Having a highly capable firewall is critical for your network and cybersecurity. Any connection or attempted connection to your network occurs via data packets that get sent to your firewall. Your firewall must check thousands of packets every second, and properly determine if that packet should be allowed to continue to your network, rejected back to the device that sent it, or if the packet should simply be dropped, or ignored.
The firewall makes determinations based on various aspects, such as whether the packet contains any malicious code (gateway antivirus), where the packet came from (geo filtering), if the packet is part of any concerted, targeted attack (intrusion prevention and botnet filtering), or contains any content you have chosen to block. It must also apply whatever rules may have been configured for your specific situation.
Having to handle all these tasks requires a firewall with adequate computing power. A firewall not capable of handling all the processing required will at best slow your network down but may also cause security lapses when it is not able to correctly identify risks.
Additionally, the firewall specializes in protecting vulnerabilities at the port and workstation level, ultimately reinforcing safety by covering for the antivirus if it fails to protect against external threats.
An antivirus is installed on PCs and servers to detect and deter malicious viruses. It is an extra layer of protection that defends against pieces of code that may have slipped past the firewall; antivirus is often accurate since its sole purpose is to locate and exterminate viruses.
Due to the possibilities of hardware failure in Generation 1, data recovery became a major point of interest. Tape backup was an initial form of data backup and recovery, but left much to be desired in terms of reliability and speed. While the backup was functional, the recovery process was slow and data was often misplaced or uncatalogued.
Generation 2 added Web-Based Antivirus, Spam Filtering, and Disk to Disk Backup. This generation was the next step to getting businesses where they should be today. Web-based antivirus was implemented to ensure it was updated more often than old-school antivirus tools. In addition, email became a major threat vector. Advanced spam filtering became a necessity in this generation to reduce email threats. Data backup improved drastically compared to the tape to tape backup of the past. Most businesses still find themselves on Generation 2 cybersecurity. Your own office may reflect this generation.
In Generation 1, antivirus lived at the workstation level and required manual updates to keep it running smoothly. Web-based antivirus, by contrast, updates in the background and maintains its functionality regardless of user input. This form of antivirus functions at a higher level since vulnerabilities are patched out and protected against by continual updates and tweaks within the program.
Spam filtering provides a convenient layer of filtering within email by sifting through unnecessary content and blocking emails depending on their relevance to the user. The ability to recognize and block malicious email limits the exploitation of computer vulnerabilities and allows users to feel more secure when checking their email.
Disk to Disk Backup
The transition from tape-based data backup to disk-to-disk backup indicated a massive improvement in the way that data recovery is carried out. Disk-to-disk as a system is reliable and fast, allowing users to feel comfortable with their computer’s ability to recover lost data.
The first two generations of cybersecurity seem extremely barebones when compared to the capabilities of the modern generations. We see a massive jump in computer security capabilities with the transition between Generation 2 and Generation 3. Generation 3 added a highly configured Firewall, Advanced Email Threat Protection, Office365 MFA, Office365 Backup, DNS Filtering, Security Awareness Training, and Backup Disaster Recovery.
Every business should be AT LEAST at this point. I know it’s a lot of layers, but they are all necessary, and still not sufficient!
Highly Configured Firewall
Firewalls now function as a complete security solution with Gateway Anti-Virus, Intrusion Prevention, Content Filtering, Geo-IP Filter, and Bot-Net Filter.
Advanced Email Threat Protection
Email Threat Protection provides multilayered filtering that permits legitimate email while blocking malicious threats such as phishing, impersonation, malware, ransomware, and spam-type messages.
- Allows good email through, keeps bad email out.
- Automatically guards against phishing, spam, threats, and email compromise.
- Strong defense against emerging threats.
- Keep employees efficient by reducing unwanted emails.
- Link Protection prevents users from clicking through to known bad sites.
Multifactor authentication has become a necessity in the world of computer security. MFA requires outside verification of a user’s identity, often through a text message or email to the user’s personal accounts. While simple, this step is very effective at restricting unwanted visitors from your accounts and data. The added layer of security that MFA provides is especially useful in the Office365 suite, as a wide variety of data is stored within Office365 by users.
Microsoft recommends third party backup, and this feature does just that. Office365 backup is highly recommended if data is in SharePoint and/or OneDrive, as any data in these areas will not be lost or desynced. This feature also backs up Microsoft Teams for added convenience.
Secure Internet Gateway is an enterprise web filtering solution that provides comprehensive, DNS based security for networks of all sizes. The solution scans all inbound and outbound web traffic to provide real time protection against the latest threats. Features include advanced reporting, custom blacklisting and whitelisting, and a granular policy manager which allows you to create location-specific policies.
The earlier and further away from the user you can catch a potential security issue, the better. Secure Internet Gateway looks at the source of packets (data or programs) coming into the network and will block anything coming from sources known to be security problems. It will also look at the traffic (data, information, etc.) coming in from unknown or untested locations looking for potential security issues.
Another benefit of the Secure Internet Gateway is the ability to block access to websites that may not necessarily be security issues, but that users should not be visiting during work hours or using company resources. For instance, social media, shopping, sports sites, etc., can be blocked.
Security Awareness Training
A large portion of cyber-attacks in recent years have relied on what are called “social attacks”. Attackers use various means of getting users—your employees—to divulge information that can then be leveraged in cyber-attacks.
The simplest but most common way of doing this is by sending emails to users that look official and legitimate but are fake and contain links to fake websites to get users to enter their usernames and passwords. It used to be easy to spot these fake emails and websites, but cyber criminals have gotten far more sophisticated in creating convincing fake emails and websites.
Additionally, there are instances of more brazen cyber criminals calling businesses and asking questions that can be used to target individual users… such as “who is the owner”, “who do we send the invoice to for a service we provided?”, “Which email do we send invoices to?”, etc. This lets them know where to concentrate their efforts.
Unfortunately, humans are often the weakest link in security; and so, the more informed we can make your employees about tactics that might be used against them, and the more often we can keep your employees thoughtful about cyber security, the more secure your IT assets will be.
Training includes simulated phishing attempts, dark web monitoring, real time email analysis, periodic security lessons, and user statistics reporting.
Backup and Disaster Recovery
This is the last line of defense. If all other efforts to keep the bad guys out fail, we can always restore a file, a volume, or a complete server if need be. We would prefer to not have to go to this extreme, but it is our cybersecurity safety net.
For on-premise data:
- Servers are continually backed up and replicated off-site.
- Special care is taken to protect backed up data from an encryption attack.
- Offsite backups are the last line of defense.
For cloud data:
- Microsoft 365 data backup
- SharePoint, OneDrive, Email
Now we get to where we are currently: Generation 4. This generation is the most advanced yet and adds several key cybersecurity features: Advanced Endpoint Protection with Containment, Monitor Detect and Remedy Services, and Directory MFA.
This is the gold standard of cybersecurity for small and medium sized businesses. With these layers in place, you’ll be significantly less likely to be impacted by a breach.
Advanced Endpoint Protection with Containment
Having a program, or agent, on the “endpoint” (which is the computer the user is running their applications on) is critical for cybersecurity because the agent can see what other applications or processes are running and what those applications and processes are doing or attempting, and then prevent them from carrying out tasks that are recognized as harmful. A program running on the endpoint is one of the most important aspects of cybersecurity.
Client Security offers complete protection against internal and external threats by combining a powerful antivirus, an enterprise class packet filtering firewall and an advanced host intrusion prevention system (HIPS).
When used individually, each of these modules delivers superior protection against their specific threat challenge. When used together they provide a complete ‘prevention, detection and cure’ security system for your computer. Once installed on a Windows endpoint, Client Security can be remotely configured and monitored from the Enterprise console.
Managed Detection and Response Service
MDR shows threats and behavioral anomalies detected on your network and managed endpoints. Featuring 24/7 threat monitoring and comprehensive reports, MDR provides the network-wide intelligence admins need to remediate existing threats and anticipate future threats.
Cybersecurity attacks continue to increase in complexity, and will often be executed in multi-stage operations, where some of the processes might seem benign; when taken in context with other operations, an overall view of malicious intent begins to appear.
An MDR system provides greater visibility into what is happening on the network. It allows both automated AI systems and trained-eye technicians to recognize the early indications of an attacker setting up and preparing for an attack. For instance, an attacker might set up backdoors into your network or start exfiltrating data outside of your network before initiating an encryption attack. Recognizing and stopping these behaviors as they are happening can prevent the more disastrous data encryption before it occurs.
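The multi-stage correlation described above, sketched as an added example that is not part of the original article or any MDR product: a new service or an upload alone raises nothing, but persistence followed by a large upload on the same host within a window is flagged. The event names, thresholds, window and sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs): time, host, event kind, details.
SAMPLE_EVENTS = """\
2024-04-30T10:00:00 WS12 scheduled_task name=cleanup
2024-05-01T01:55:00 FS01 new_service name=updsvc
2024-05-01T02:05:00 WS07 new_service name=printhelper
2024-05-01T02:40:00 FS01 outbound_bytes dest=203.0.113.9 bytes=850000000
2024-05-01T03:10:00 WS12 outbound_bytes dest=198.51.100.4 bytes=920000000
2024-05-01T09:30:00 WS07 outbound_bytes dest=203.0.113.9 bytes=1200000
"""

# Assumed mapping of event kinds to attack stages; a real feed has its own taxonomy.
STAGE_OF = {"new_service": "persistence", "scheduled_task": "persistence",
            "outbound_bytes": "exfiltration"}
EXFIL_MIN_BYTES = 500_000_000   # assumed threshold for an unusually large upload
WINDOW = timedelta(hours=6)     # assumed correlation window

def parse(text):
    """Yield (timestamp, host, stage) for each line that maps to a stage."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, *fields = line.split()
        attrs = dict(f.split("=", 1) for f in fields)
        if kind == "outbound_bytes" and int(attrs.get("bytes", 0)) < EXFIL_MIN_BYTES:
            continue  # ordinary-sized transfer, not an exfiltration signal
        if kind in STAGE_OF:
            yield datetime.fromisoformat(ts), host, STAGE_OF[kind]

def correlate(text, window=WINDOW):
    """Return {host: (persistence_time, exfil_time)} for chained stages."""
    last_persistence = {}   # host -> time of most recent persistence event
    flagged = {}
    for ts, host, stage in sorted(parse(text)):
        if stage == "persistence":
            last_persistence[host] = ts
        elif host in last_persistence and ts - last_persistence[host] <= window:
            flagged[host] = (last_persistence[host], ts)
    return flagged

if __name__ == "__main__":
    for host, (start, end) in correlate(SAMPLE_EVENTS).items():
        print(f"{host}: persistence at {start}, large upload at {end}: investigate")
```

With the sample data only FS01 is flagged: WS07's upload is ordinary-sized, and WS12's upload comes more than six hours after its scheduled task.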
Active Directory MFA
The integration of multifactor authentication into Active Directory systems is a vital step to securing employee and company information. If attackers are able to obtain entry to your company’s directory system, they will gain access to a plethora of your organization’s internal resources. What’s more, these resources can be easily seized in ransomware attacks due to their increased importance.
When multifactor authentication is combined with the backup and disaster recovery features introduced in Generation 3, attackers will find it much harder to breach your systems and access different elements of your data.
Proactive services include vulnerability scans and penetration testing, two practices that contribute heavily to the success of your cybersecurity.
Vulnerability scans assess computers, systems, and networks for security weaknesses. These scans are typically automated and give a beginning look at what could possibly be exploited.
Penetration testing simulates a hacker attempting to get into a business system through hands-on research and the exploitation of vulnerabilities. Actual analysts, often called ethical hackers, search for vulnerabilities and then try to prove that they can be exploited. The overall goal of penetration testing is to validate the efficiency of your currently deployed security controls.
The advancement of technology layers from Generation 1 to Generation 4 is telling of the state of cybersecurity within a variety of businesses. Security requirements are stricter than ever due to the increasingly effective methods of hackers to infiltrate business systems, making data protection a top priority for business owners.
We’ve come a long way since the protection offered in Generation 1, so it is no surprise that modern technology requires more robust levels of cybersecurity. The reality is that all businesses should strive to have their computer security at the level of Generation 4.
Cybersecurity is not something that you can neglect; any vulnerabilities within your systems can and will be used against you by external threats. Generation 4 is a natural evolution of the previous technology layers and is the standard for protecting data within your business or organization.
Alongside keeping in line with Generation 4 and maintaining up-to-date security software, it is recommended to use resources such as CISA to continually monitor and assess the cybersecurity of your organization. CISA provides a number of resources to keep your data protection in top shape. Additionally, we recommend our blog 15 Critical Cybersecurity Layers Your Business Needs in 2021 to help you gauge where your computer security currently stands.
If you have any questions or inquiries about getting your business up to date with the protection offered in Generation 4, please reach out. Technology is constantly advancing, but so are external threats: let’s make sure your business is at the forefront of cybersecurity.