What is Information Security (IS)
Information security is defined as: "the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. It is a general term that can be used regardless of the form the data may take (e.g., electronic, physical)" (Wikipedia). Information Security or InfoSec focuses on the CIA triad, which is to ensure confidentiality, integrity, and availability of data, without affecting organization productivity. Ensuring information security is a multi-step process for risk management. It involves identifying the associated components such as assets, vulnerabilities, threat sources, potential impacts, and possible controls. The effectiveness of the risk management plan is then assessed.
Good Practice for Information Security
The Information Security Forum (ISF) has published the Standard of Good Practice for Information Security, which is a practical and comprehensive, business-focused guide to identifying and managing information security risks in organizations. The standardization of Information Security took place due to collaboration between academics and professionals. They set basic policies and defined standards for factors such as password, firewall, encryption software, and antivirus software. Further, laws and regulations were also defined on how data was to be handled - its access, processing, storage, and transfer.
Additionally, the need for appropriate change in accordance with continual development was also factored in, as otherwise information security cannot be ensured.
Threat to Information Security
There are many forms of threats that target Information Security, and it is very important for an organization to prevent software attacks, identity theft, information sabotage, and data wiping threats. Ransomware, viruses, Trojans, worms, spyware, rootkits, phishing attacks, and Man in the middle attacks are types of software attacks. Ransomware is used to encrypt data (information) and a ransom is demanded for the decryption key. Failure to pay ransom could lead to deletion of data. According to a Verizon Data Breach Incident Report, 93% of data breaches took place in minutes. And 83% of those breaches were discovered only after a week or several weeks. A single breach costs a financial loss of around $4 million in average, in addition to the loss of consumer trust and damage to the brand. Further, 39% of successful crimeware incidents involved dangerous ransomware.
This scenario showcases the need for an Advanced Endpoint Protection solution to ensure Information security. A huge amount of data gets collected in government organizations, hospitals, data centers, enterprises and other organizations. This data is confidential information and should not fall into competitor hands or other malicious entities.
Advanced Persistent Threats and Zero-day Malware
To acquire information, cyber criminals employ advanced persistent threats and zero-day malware. Most endpoint security solutions cannot provide protection against zero-day malware, as they follow a default-allow platform that allows all files except known malicious files. Studies report that signature-based malware engines are only 30% accurate at detecting new threats.
Comodo's Advanced Endpoint Protection solution utilizes a Default Deny Platform to provide complete protection against zero-day threats. All unknown files are automatically contained in a sophisticated virtual container where the behavior of the unknown file is observed and a combination of static, dynamic and human analysis using VirusScope and cloud-based Valkyrie is used to obtain a verdict. This method completely blocks unknown threats and ensures information security for the organization.