Three E’s of IT Vulnerability

By Jeff Ray | 12.1.2017

BACKGROUND

In the past, end-user security awareness training was something that was only implemented by a business that needed to maintain some level of compliance.  At that time, the security focus for a network administrator was the perimeter.  The installation of a robust firewall and partitioning of network traffic into different segments went a long way toward protecting the network from attack.  Although the email system was a different vector through which malicious code could infiltrate the network, a good SPAM filter did a satisfactory job of removing potentially nefarious emails or attachments.

PRESENT DAY

In the past few years, attempts to break through a perimeter firewall have largely been mitigated through Next Generation Firewall Appliances (virtual or physical) and security service subscription bundles that allow these Next Generation Firewalls to scan network traffic across all layers of the network stack.  Attackers have largely considered time:reward ratio in getting through the perimeter to be too much time:not enough reward  and sought other methods to breach the network.

BURDEN

Now, more than ever, attackers seek to exploit the end-user through spam, phishing, or some form of social engineering.  This change in approach has forced network administrators to consider the end-user as part of their total security solution.  Ransomware under the title of many different names (Wannacry, Petya, Bad Wabbit) have all appeared in the last 6 months of 2017 and wreaked havoc on Small and Medium Businesses’ in addition to corporate networks.

SOLUTION

Auxzillium has adapted to this threat by implementing a security approach that targets the three E’s of vulnerability attackers seek to exploit today:

Email:

In addition to the pre-existing tools already available for mail protection with Office 365, Auxzillium is now implementing Advanced Threat Protection (ATP).  Emails, Attachments, and Links are all triaged in real-time in order for a battery of tests to be run against them and a determination of their health made.

Edge:

Auxzillium is now adding ATP licensing to the suite of Next Generation Firewall security service subscriptions.  Files downloaded from the web are triaged in real-time, similar to ATP for Email at O365.  This layer of added protection targets user downloads.

End User:

Auxzillium has built a strategic partnership with a cloud based phish simulation vendor.  In doing so, Auxzillium can run Phishing Campaigns.  This allows us to simulate the very things attackers would use to compromise a network, password, or user account through email, text, or phone call.  This is delivered by Auxzillium bundled with premium Security Awareness Training modules in order to educate the user base about how to recognize and deal with spam, phishing, and social engineering.