The organization is a small software company that is based out of Melbourne, Australia and was set up four years back. The business domain that the organization works in includes information and network security. The company works in the development along with the customization of the applications in the area of information security and network security. The clients of the company are primarily based out of Australia and are the small and medium scale firms and business units. The company carries out the in-house development of the applications and also customizes the off-the-shelf applications and packages.
The organization is now expanding its business activities and operations and is set to target new customers. It aims to provide online security services to its existing and new customers. The new set of clients may include pharmaceutical organizations, online gambling organizations and hospitality industry organizations.
There are a lot many developments that are being done in the field of network and information security with each passing day. There are many applications that have been developed in these areas to make sure that the associated risks and attacks are avoided. The report covers the details of such applications along with their features, advantages and disadvantages. The organization is looking to expand in the coming years and the utility of these applications in the expansion phase has also been covered in the report (Abomhara & Koien, 2015).
The primary aim of the report is to cover the latest developments that have been done in the area of information and network security. The report covers three of such applications along with their details. The expansion plan in terms of these applications has also been covered. There are recommendations and findings that have been included at the end to make sure that a complete clarity is provided and the organization makes use of the best available options.
Information and Network Security
Information Security refers to the discipline that includes the measures that are taken by a user or an organization to protect the information from the security risks and attacks. There are three primary properties of the information that are required to be protected viz. confidentiality, integrity and availability. There are numerous information security risks that have been created to cause damage to these properties of information. Information security provides the technical, administrative and physical security measures to prevent and detect these attacks.
The networking infrastructure that is being used in the applications, systems and organizations of the present times are exposed to a number of security threats and risks. Network Security is the domain that provides the physical and logical measures that may be taken to avoid such issues. There are also administrative checks and controls that are applied to ensure that the network security risks are avoided.
Common Information and Network Security Risks
There are various information and network security attacks that are being executed by the attackers. The information and network security applications that the organization develops and customizes must make sure that the following security issues are targeted.
- Information breaches and leakage take place very frequently and these are executed on the information that is under transmission or is stored in the database.
- There are attacks on the information availability that are executed in the form of denial of service and other flooding attacks.
- Many of the malware and malicious codes are launched, such as, viruses, ransomware, worms and likewise that also possess a great threat to information (Scaife, 2016).
- Man in the middle attack is a popular network security attacks wherein the attacker sits between the source and the destination and monitors the network activity in an unauthorized manner (Lippmann & Riordan, 2016).
- There are also spoofing and phishing attacks that are executed taking the network access points as the primary agents of threat.
- Hacking of Application Programming Interface (APIs) is a common network security attack that has been witnessed (Bajwa, 2014).
- Message and media alteration attacks violate the integrity of the information (Spruit & Wester, 2013)
Latest Development in Information/Network Security
There are countermeasures that are being developed for every new security risk and attack. There are developments that are being done in the areas of information security as well as network security to deal with the security issues.
Some of the popular areas of research and development include Cryptography, malware protection, intrusion detection and prevention, network monitoring and database security.
There are several applications that have been developed and are present in the market for dealing with information and network security attacks.
Information/Network Security Applications
Comodo Advanced Endpoint
There are various security packages that are now available in the market that provide an integrated security solution using latest measures and steps.
One such package is the Comodo Advanced Equipment that is a low-cost security solution which will be apt for the organization as it is in its expansion phase (Strom, 2016).
The application has been designed using Default Deny Platform that allows the good/clean files that are known and blocked the bad files that are known. The files that are not known are executed using the patent -pending container. There are several features that are provided by this application, such as, automatic prevention of the malware from taking entry into the network. It also provides the protection from viruses and includes free/paid SSL certificates. Internet security along with mobile device management is integrated in the application with additional features such as firewall protection and many more.
Business Intelligence and Big Data tools are being used by the organizations in the current times in terms of the latest elements of technology. Comodo Advanced Endpoint application also makes use of these technologies for behavior analysis and recognizing the patterns that are used for the execution of the attack. There are intrusion detection services that are included in the application that also make use of analytical tools for understanding the patterns that are used by the intruders to gain entry to the system.
The organization will be able to use the features of the tool to develop an application as per the specifications of the client or may also customize the same as per the customer expectations and requirements.
The advantages of the application are as listed below:
- Integrated security solution that provides information security, network security as well as database security.
- Patch management can be done with the aid of the application (Comodo, 2016).
- It is compatible with Windows, Mac OS, Android OS and other popular operating systems.
- Remote management is made possible with this application.
- Use of business intelligence concepts and technologies
- It comes with powerful features and is low on cost.
There are certain drawbacks that are also associated with the application as:
- The deployment of the application can be challenging.
- The documentation that is provided along with the application is not detailed and there are issues of clarity associated with the same (Stephenson, 2017).
Bitdefender Antivirus Plus
Malicious codes and programs that are commonly known as malware are the primary reason forms of security attacks that adversely damage the information as well as network security.
There is a lot of work that is being done in the area of malware protection and there are many applications that are also available in the market to offer the customers with the same. One such application is the Bitdefender Antivirus Plus (Pcmag, 2016).
The application includes the following set of features and advantages:
- Phishing protection is provided in the application without any need to install the browser plug-ins.
- The search results are marked for the user with categories such as safe or dangerous elements.
- There are numerous choices to scan the system or the part of a system such as quick scan, full scan, network scan etc.
- Local wireless network can be checked in terms of the security status by using the option of Wi-Fi Scanner.
- There is an in-built ransomware protection that comes along with the application that provides the safety from any of the ransomware attacks.
- Financial transactions can be protected using the utility as Safepay.
- File Shredder is present in the application for the deletion of the unwanted and unsecured files.
There are also a few drawbacks that are associated with the application.
- There is a security bug that has been witnessed in the password manager’s form-filling ability.
- There may be add-ons that certain clients may demand which will involve additional costs.
- The application is available on the subscription basis that is required to be renewed.
Encryption is one of the advanced and most useful mechanisms that can be used for the information and network security.
There are tools that are available in the market that can be used for the advanced encryption of the files and information. One such tool is VeraCrypt.
VeraCrypt is an application that is open source in nature and has been provided by IDRIX. It is a disk encryption application that encrypts the files and makes sure that the risks such as data thefts and leakages are avoided (Fearn, 2017).
The application comes with the following set of features and advantages:
- There are many cold boot attacks that are executed which make use of the encryption keys that are stored in the memory. The application puts a stop on such attacks (PCMag, 2017).
- It provides security against the backdoor access.
- It has the capability to create hidden operating systems.
- It can provide protection to the security tokens along with the smart cards.
- Data theft and data leaks can be prevented
There are also a few drawbacks that are associated with the application.
- An initial round of training is required to understand the features of the application.
- There may be operation errors that the user may perform on the application (Veracrypt, 2017).
Expansion Plan for the Organization
The research that has been done on the latest developments in the areas of information security and network security have provided the results that the organization must make use of the applications that are available in the market to strengthen its area of expertise.
The applications that have been discussed above will provide the organization with the ability to understand the client expectations and demands from such a solution. The same can then be used in the in-house development of the application to provide an enhanced version to the users to make sure that the security of their systems and applications is maintained and ensured.
The customization of the off-the-shelf applications can also be done and it will require the organization to undertake a deeper analysis of the client requirements and expectations.
The organization will be required to carry out a planned approach for a successful expansion. There are the following key terms and features that shall be included in the process.
- Network security is one of the major research areas and the client would require that the networks are protected from all forms of security risks and attacks. This will be possible with the use of an integrated network package that would carry out network scans and monitoring, intrusion detection and prevention, maintenance of network logs and network audits and reviews (Bendovschi, 2015).
- Cryptography is one of the areas that is being researched widely and will be one of the major components that the organization shall focus upon. It would allow the organization to attract new customers as the customers in the current era are looking for advanced cryptography and encryption tools.
- It will be required for the organization to market itself correctly. It shall make use of social media and other marketing mediums to inform the users of the security solutions that it will be providing which will lead to the expansion of the customer base.
Expansion of the organization must also include the setting up of a research team that shall carry out research and analysis activities to keep a track of the latest developments being done in the areas of information and network security. In such a manner, the organization will be able to reach out to the targeted customers.
Information security and network security are the primary areas of research in the current time. The organization also deals in the same and there are efforts that are being done to make sure that the expansion of the organization is done to reach out to maximum number of clients (Allen, 2012).
There are various developments and applications that have been discussed in the report in these areas. Comodo Advanced Endpoint is a security application that provides numerous features, such as, automatic prevention of the malware from taking entry into the network. It also provides the protection from viruses and includes free/paid SSL certificates. Internet security along with mobile device management is integrated in the application with additional features such as firewall protection and many more. The report also covers the malware tool as Bitdefender Plus that provides advanced malware protection and services. VeraCrypt is an application that is open source in nature and has been provided by IDRIX. It is a disk encryption application that encrypts the files and makes sure that the risks such as data thefts and leakages are avoided.
These applications will allow the organization to understand the security requirements from such a solution and will enable it to have an enhanced in-house application development. The customization process will also be made easy with the aid of the same.
The objectives of the report were to cover the details of these applications and to provide the organization with the guidelines to carry out successful expansion.
The same has been achieved in the report as the organization will now have clarity on the applications that it may make use of. It will also provide them with the ability to understand the major research areas and the focus points as well. An overview of the expansion plan has also been successfully covered.
Findings and Recommendations
The primary area of research for the organization shall include technologies such as business intelligence and Big Data tools for the enhancement of network and information security. These tools will allow the organization to develop the latest security measures to be offered to the customers (Hagen, 2013). The next recommendation is the use of cryptographic solutions and algorithms such as advanced encryption and hashing so that the security solutions that are designed are as per the latest security requirements. Cryptography is being extensively researched and the damage that is caused by many of the security risks can be prevented using the same. Network security can be enhanced by making use of advanced intrusion detection and prevention applications (Brecht, 2012).
The organization must focus upon the in-house development of the applications by gaining knowledge on the latest security requirements and mechanisms. The customization can also be done in certain cases wherein the requirements are clearly known and there is a work environment that is provided by the client (Zanoon, Albdour, Hamatta & Al-Tarawneh, 2015).
There shall be efforts that must be done in the areas of the research and analysis to understand the changing nature of security and the latest advancements that are being done.
Abomhara, M., & Koien, G. (2015). Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks. Retrieved 6 September 2017, from https://www.riverpublishers.com/journal/journal_articles/RP_Journal_2245-1439_414.pdf
Allen, J. (2012). Deriving Software Security Measures from Information Security Standards of Practice. Retrieved 6 September 2017, from https://www.sei.cmu.edu/library/assets/whitepapers/derivingsecuritymeasures.pdf
Bajwa, M. (2014). Wireless Network Security Threats and Mitigation—A Survey. Retrieved 7 September 2017, from https://file.scirp.org/pdf/_2014091813425297.pdf
Bendovschi, A. (2015). Cyber-Attacks – Trends, Patterns and Security Countermeasures - ScienceDirect. Sciencedirect.com. Retrieved 6 September 2017, from https://www.sciencedirect.com/science/article/pii/S2212567115010771
Brecht, M. (2012). A Closer Look at Information Security Costs Working Paper. Retrieved 6 September 2017, from https://www.econinfosec.org/archive/weis2012/papers/Brecht_WEIS2012.pdf
Comodo. (2016). Comodo Launches Advanced Endpoint Protection Solution. comodo.com. Retrieved 6 September 2017, from https://www.comodo.com/news/press_releases/2016/02/comodo-launches-advanced-endpoint-protection.html
Fearn, N. (2017). Top 5 best encryption tools of 2017. TechRadar. Retrieved 6 September 2017, from https://www.techradar.com/news/top-5-best-encryption-tools
Hagen, J. (2013). Effectiveness of Organisational Information security measures. Retrieved 6 September 2017, from https://www.frisc.no/wp-content/uploads/2013/02/finse2013-hagen.pdf
Lippmann, R., & Riordan, J. (2016). Threat-Based Risk Assessment for Enterprise Networks. Retrieved 7 September 2017, from https://ll.mit.edu/publications/journal/pdf/vol22_no1/22_1_3_Lippmann.pdf
Pcmag. (2016). Bitdefender Antivirus Plus. PCMag India. Retrieved 6 September 2017, from https://in.pcmag.com/bitdefender-antivirus-plus-2015/52300/review/bitdefender-antivirus-plus
PCMag. (2017). VeraCrypt. PCMag Business Software Index. Retrieved 6 September 2017, from https://www.pcmag.com/business/directory/encryption/1671-veracrypt
Scaife, N. (2016). CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. Retrieved 6 September 2017, from https://www.cise.ufl.edu/~traynor/papers/scaife-icdcs16.pdf
Spruit, M., & Wester, W. (2013). RFID Security and Privacy: Threats and Countermeasures. Retrieved 6 September 2017, from https://www.cs.uu.nl/research/techreps/repo/CS-2013/2013-001.pdf
Stephenson, P. (2017). Comodo Advanced Endpoint Protection product review | SC Media UK. Scmagazineuk.com. Retrieved 6 September 2017, from https://www.scmagazineuk.com/comodo-advanced-endpoint-protection/review/9393/
Strom, D. (2016). 10 cutting-edge tools that take endpoint security to a new level. Network World. Retrieved 6 September 2017, from https://www.networkworld.com/article/3089361/endpoint-protection/10-cutting-edge-tools-that-take-endpoint-security-to-a-new-level.html
Veracrypt. (2017). VeraCrypt. CodePlex. Retrieved 6 September 2017, from https://veracrypt.codeplex.com/
Zanoon, N., Albdour, N., Hamatta, H., & Al-Tarawneh, R. (2015). Security Challenges as a Factor Affecting the Security of Manet: Attacks, and Security Solutions. Retrieved 6 September 2017, from https://airccse.org/journal/nsa/7315nsa01.pdf