Security solutions are not made equal. Some are better than others when it comes to providing overall protection, but most will require you to buy an entire suite that’s enough to break the bank just so you’d feel safe from cyber attacks. So what are you to do if your budget just isn’t big enough to afford all-around protection?
One way to remedy the situation is to gather and enrich your threat intelligence so you can proactively enhance your company’s security posture. There are tools that can help you do that, which won’t cost as much as buying an entire suite of security solutions that you’re not even sure your current infrastructure would be able to support.
To choose the right tool, I compiled a list of threat indicators below that you should look out for to make sure your business stays protected from all kinds of cybercrimes.
- IP resolution: We all know that a company typically owns an entire IP block or blocks, depending on its size. With an IP address on hand, you can check if a certain IP address accessing your website indeed belongs to the organization it claims to by checking if it does resolve to that company’s IP range. If the address in question is located in, say, another country (not where the supposed owner’s company is found), then it could be malicious and should probably be blocked from accessing your domain.
- SSL certificates: An organization that uses SSL certificates is generally trustworthy. That said, check if your site visitors and users whom you exchange emails with (suppliers, partners, and other third-party companies) are SSL-certified and if their SSL chains are properly configured. Be wary of those whose SSL certificates, chains, and configurations aren’t up-to-date and contain questionable information.
- Website content: Doing background checks on individuals and companies that your business interacts with is essential amid a plethora of threats lurking in every corner of the Web today. Make sure that the people you’re doing business with are legitimate individuals or companies and not cybercriminals by checking out their virtual properties.
- Malware: Insufficiently secured websites are prone to compromise. Even the biggest companies can be hacked so their sites can serve as malware distributors. Run domains against malware feeds to make sure they are safe to access. Keep in mind that visiting malware-laden sites, something, not all employees may be aware of, can lead to drive-by downloads or redirect users to malicious pages.
- WHOIS records: All registered domains should have updated and completely filled-up WHOIS records. Make sure that none of the domains accessing yours are owned by cybercriminals or attackers trying to get into your network for various nefarious purposes. WHOIS records are a great way to see who is accessing your site and what his intentions are.
- Mail servers: If you’re worried that your company is being targeted by phishers or any other kind of fraudster through spam, for instance, determining the suspicious emails’ source is easy with the right tool. Check the MX server records of the questionable emails’ sender to make sure they resolve to the right address. If they don’t, then block them so none of your employees can be tricked into downloading attachments or clicking links that could put your organization at risk. There’s a reason for the cybersecurity cliche, “Humans are the weakest link.”
- Nameservers: Legitimate organizations indicate their nameservers in their WHOIS records. That said, you can cross-check suspicious nameservers against a white list to make sure they’re not being run by threat actors pretending to be part of a well-known company, especially one you work or interact with.
Security companies generally collect the same threat intelligence to verify how safe a website is. To ensure that your digital assets always remain threat-free, look out for the indicators of compromise (IoCs) listed above. Create a blacklist that you can easily integrate into your existing security infrastructure, especially if you feel that your solutions are somewhat lacking. And if you don’t want to end up in someone else’s blacklist, make sure your domain meets the same criteria you’re subjecting visitors’ domains to.
Proactive protection doesn’t need to cost you an arm and a leg. You just need to know how threats can end up in your network and systems and block them before they can harm your business. Look for a tool that arms you with sufficient threat intelligence to safeguard your virtual realm without running your company budget to the ground.