The firewall is considered the basic element of an organization’s security architecture. It is the wall and the gate of the castle: the barrier that prevents unauthorized connections from being made and allows authorized ones to pass. But although it is an essential element, it is not enough on its own, since attackers can attack at other levels where firewalls cannot act.
If the firewall is the wall that prevents unauthorized access, the antivirus is like the police, constantly checking whether any malicious program is trying to enter, or has already entered, our network or our devices.
Although these programs are very advanced, attackers are continuously designing new malware, so if we trust the antivirus to stop everything… we may be surprised.
3. Security Event Management (SIEM)
The SIEM (Security Information and Event Management) helps us collect, centralize and analyze all the information provided by the rest of the security solutions. It is useless to have a multitude of alarms if no one can review them and take the corresponding actions, so the SIEM brings them all together in one place and allows us to identify those of greater importance, extracting additional information that can help us prevent or stop an incident.
4. Identity Management (IdM)
Having doors and locks is useless if we do not ensure that only the right people have the keys. An identity management (IdM) solution allows us to identify all our users in an organized way and to assign each of them the permissions they need, ensuring that no one has access to what they should not and that users are removed when they no longer need access.
5. Continuity plan (data and infrastructure backups)
A maxim in security is that “zero risk” does not exist, so we must always be prepared for a possible incident that interrupts our operations, deletes our information, or even destroys the offices in which we work. For this, it is essential to keep backups of our essential information that are as up to date as possible, as well as systems and plans that allow us to resume normal operation after a catastrophe.
And returning to our walled city: we may have built an impassable barrier, placed guards at the gates, sent patrols to roam the interior of the city, and appointed investigators to review all the information they receive. But if the inhabitants of the city are not careful and invite a thug in, or lose their keys outside the city, or carry in from the outside a dragon egg that slipped past the guards’ inspection unnoticed… perhaps nothing we have done will prevent an incident.
People who work in organizations must know the basic security measures that apply in their workplace. They must understand the importance of information and protect their access to it, to prevent an accident or an attacker from causing damage to the organization or to themselves.