2013 CHECK POINT ANNUAL SECURITY REPORT
036
2,600 years later, the same approach perfectly fits today’s
fight against cyber warfare - the best network security
is realized when all the different layers of protection are
harmonized together to fight against all the different
angles of security threats.
This report covered multiple aspects of security risks that
Check Point detected in a wide range of organizations.
It showed that bots, viruses, breaches, and attacks are a
constant and real threat to organizations‘ security. The report
presented that some web applications used by employees can
compromise network security. Finally, the report disclosed
that employees engage in many practices that may cause
unintentional leakage of sensitive data.
In your Security Strategy: Technology
Alone is Not Enough
The Check Point approach to achieve the level of
security needed to protect an organization acknowledges
that technology alone is not enough. Security needs to
grow from a collection of disparate technologies and
practices, to an effective business process. Check Point
recommends that organizations look at three dimensions
when deploying a security strategy and solution: Policies,
People, and Enforcement.
Policies
Security starts with a widely understood and well-
defined policy—closely aligned to business needs rather
than a collection of system-level checks and disparate
technologies. Policies should take into account that the
priority is the business and should suggest ways to conduct
business in a secure manner, as part of the corporate policy.
For example, during the analysis we found that employees
are using web applications that are necessary for the
business flow but might also compromise security. If
we deploy only technologies that block usage of such
web applications, it would result in people flooding the
security administrator with complaints, or even worse,
finding ways to overcome the policy and creating security
issues. Instead, Check Point recommends that you create
a policy that acknowledges cases where the use of such
applications may be needed and define the procedure to
enforce usage in a secure manner. Users should be advised
automatically of the policy when needed.
People
Users of computer systems are a critical part of the
security process. It is often users who make mistakes that
result in malware infections and information leakage.
Organizations should ensure users are involved in the
security process. Employees need to be informed and
educated on the security policy and what is expected of
We will conclude the report
with another Sun Zi quote taken
from The Art of War: here is an
advice for a military general:
“having collected an army
and concentrated his forces,
he must blend and harmonize
the different elements thereof
before pitching his camp.”
28
05
SUMMARY AND
SECURI TY STRATEGY
1...,25,26,27,28,29,30,31,32,33,34 36,37,38,39,40,41,42,43,44,45,...50