Is Your Security Secure?

Andrew Timms, Sales Director APAC at Paessler AG

At the start of every calendar year, I get asked about technology trends for the coming year and the increasing importance of security with so many new nexus forces at play. Thankfully, security is always trending. Since the early days of networking, IT-security has been a critical issue, and that remains true now more than ever.

In 2015, a survey conducted by Paessler revealed that 58% of all surveyed IT administrators named security as one of their key tasks and constant challenges. In the past, a firewall and a virus scanner were sufficient to protect the network of an SME, but today, a number of interconnected solutions are needed to counteract the ever-evolving threats. These IT security tools can only provide comprehensive security if they are known to be functioning and if an overview of all measures is maintained. This requires a comprehensive security strategy that identifies potential hazards, sets up appropriate tools as preventive protection, and controls and maps all of this within one central solution.

Unfortunately, organisations still view security as a “grudge purchase”, which is so dangerous. It is imperative to understand that security is no longer an IT concern but a business issue. But to acknowledge that reality, it is important to recognise the biggest security threats to your business.

What are the biggest security threats to your business?

The Classic Villains

Viruses and Trojans are no less dangerous today, just because they have been around since the dawn of the Internet. Again and again, new malware creates headlines and the ever progressing integration of everything and everybody constantly opens up new doors. Therefore, antivirus, firewall and intrusion detection systems are still justified.

New Backdoors

Bring Your Own Device (BYOD) and Internet of Things (IoT) create new opportunities for malware intrusion by expanding the threat vector. Previously, a simple ban on private disks, CDs or USB flash drives was sufficient, but today there are too many devices connected to the network. A general ban is neither practical nor sensible in most companies, because many employees use smartphones, tablets or laptops both privately and professionally. Even IoT creates new gateways, integrating numerous devices into the network which do not belong to IT and which come with a risk that is often difficult to assess. IT has to meet the risks involved in advance and find the right compromise between new opportunities and greater flexibility on the one hand and the necessary security on the other.


Not only malicious attackers threaten your data: failures or misconfigured devices and applications can also cause data loss. It is not about building lines of defense, but rather setting up a monitoring and early warning system which constantly monitors all critical components and immediately takes action on an error or, ideally, can already see the first signs of impending problems and warns you before the situation becomes critical.

Physical Hazards

IT is threatened by more than systemic risks. Physical disasters such as fires, floods, heat or theft should not be disregarded in a comprehensive safety concept. The best antivirus software can’t protect you from a flood in the data centre or an air conditioning failure in the server room.

For virtually every threat there is the right "antidote". Virus scanners and firewalls protect against malware, backup tools safeguard data, environmental sensors monitor humidity and temperature, and surveillance cameras keep unwanted intruders in view. As long as all these systems operate reliably, your IT is relatively safe. But how do you make sure that everything works? And most of all: how do you keep track of the number of systems that are essential for the security of your IT?

Securing security via Unified Monitoring

For a comprehensive security concept, you need a monitoring solution as a kind of meta-security tool for the monitoring and control of individual measures. Now that we have identified the usual suspects, what does it take for an organisation to build a future-ready, fool-proof security for their network?

  • Ensure security tools are up to date
  • Fallback if conventional tools fail
  • Ensure general functionality
  • Monitoring of physical control devices
  • Keep the overview

Are the virus definitions up to date? Are backups valid? Is the firewall online? Security only works when the security tools are working. The meta-security solution must be able to monitor traditional security tools and ensure that they are functioning correctly.

However, what if that one sneaky virus bypasses the firewall? That’s where a suitable monitoring solution is critical to detect unusual behavior and provide real-time alerts.

Monitoring solutions continuously monitor performance and function of all components of your IT infrastructure, no matter whether it comes to hardware, software or data streams, in order to help prevent data loss.

A suitable monitoring solution should also be able to monitor physical sensors as well as video cameras, ensuring that all systems are operating and, where necessary, notifying or alerting you when defined thresholds have been hit.

Another essential aspect of a comprehensive security concept is clarity. Only if you are able to quickly and easily view all your security tools in real time, without having to call up each solution individually, do you have a fighting chance of keeping track of the entire security situation. The monitoring solution needs to be able to integrate all the tools used and to map them without great effort in a central overview.
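An added example, not from the original article or from any Paessler product: a minimal Python sketch of the meta-check described above (definitions current, backups valid, firewall online, physical sensors within thresholds) rolled into one overview. The control names, thresholds and sample reports are constructed assumptions; the point it illustrates is that a control which has stopped reporting is treated as a problem rather than assumed healthy.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)  # fixed clock so the sample is reproducible

# Hypothetical policy: control -> (maximum age of the last report, check on the reported value)
POLICY = {
    "av_definitions_age_h": (timedelta(hours=1), lambda v: v <= 24),
    "backup_last_success_age_h": (timedelta(hours=1), lambda v: v <= 26),
    "firewall_up": (timedelta(minutes=5), lambda v: v is True),
    "server_room_temp_c": (timedelta(minutes=5), lambda v: 15 <= v <= 27),
}

# Constructed sample reports: control -> (value, time the report was received)
REPORTS = {
    "av_definitions_age_h": (6, NOW - timedelta(minutes=10)),
    "backup_last_success_age_h": (49, NOW - timedelta(minutes=20)),
    "firewall_up": (True, NOW - timedelta(minutes=40)),  # sensor went quiet
    # "server_room_temp_c" never reported at all
}

def evaluate(reports, policy, now):
    """Return {control: (state, reason)}; anything not proven healthy is not OK."""
    overview = {}
    for control, (max_age, is_healthy) in policy.items():
        if control not in reports:
            overview[control] = ("UNKNOWN", "no report received")
            continue
        value, seen = reports[control]
        if now - seen > max_age:
            # A stale "up" is not evidence that the control still works.
            overview[control] = ("STALE", f"last report {now - seen} ago")
        elif not is_healthy(value):
            overview[control] = ("FAIL", f"value {value!r} outside policy")
        else:
            overview[control] = ("OK", f"value {value!r}")
    return overview

def needs_alert(overview):
    """Controls that should raise an alert: every state except OK."""
    return sorted(c for c, (state, _) in overview.items() if state != "OK")

if __name__ == "__main__":
    result = evaluate(REPORTS, POLICY, NOW)
    for control, (state, reason) in result.items():
        print(f"{state:8} {control:28} {reason}")
    print("alert on:", needs_alert(result))
```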

Ultimately, no monitoring solution can monitor your entire IT out of the box; modern infrastructures are far too complex and heterogeneous. It is important that the right solution possesses all the necessary functions to monitor the entire IT infrastructure, including as many of the common protocols as possible. Usability is key as well – even if a new monitoring solution is implemented and installed as a meta-security tool in a project, it still needs to be usable. If the solution is too complex in daily use, it will probably not work out as designed.

At the end of the day, a meta-security solution is a key element in a comprehensive safety concept, but what is ‘meta-critical’ to the business is to put the user at the heart of your network security ecosystem.
