When researching website security, there are a multitude of articles outlining what protective technologies should be in place - technologies such as a Web Application Firewall.
So - you go ahead and install a Web Application Firewall, which - depending on the rule set - blocks malicious traffic, prevents SQL Injections and stops anything that looks like an attack. i.e. If the guards around your 'Castle' spot the enemy, you'll be defended.
Great! But what happens if the enemies are sneakier?
(Which they usually are.)
Your guards won't stop anyone that disguises themselves as 'good' traffic. So you need safe-guards in place that will continue to monitor and survey the activity on your estate.
The most effective way of doing that is multi-layered security - give your website an 'immune system'.
- File Integrity Monitoring performs the act of validating the integrity of files using a verification method between the current file state and the known, good baseline.
- Payment Card Data Scanning (PAN Scanning) searches your environment for known formats of Payment Card Data that shouldn't be there.
- Malware Scanning searches for indicators of compromise related to known types of Malware, as well as indicators of malware-type activity.
- File Change Monitoring detects for changes of the files on your environment that may not have been made by you.
Features like these can be monitored and compared to give you a true reflection of the risk to your environment. Keep ahead of the attackers who see your Castle and Moat as merely the next challenge to loot and plunder.
All of these features (and more) have been bundled into a single product - FGX-Web. Find out more here.
Have you ever taken a trip to Europe and looked at castles there? At one time, those beautiful, ancient relics were highly functional. Actually, for about 600 years, castles and moats were the absolute best you could do when it came to warding off invaders. Of course, you don’t see castles being built today. Around about the 16th century, the development of powerful artillery made them passé. That didn’t stop people from building these fortresses for a long time, though; sometimes it takes folks a while to catch on. You see the same type of thinking today when it comes to IT security. Most people are still stuck on a castles-and-moats approach to protecting their networks; just build thicker walls and deeper moats and you’ll be able to keep the bad guys out. But the bad guys aren’t playing along...