Host-based antivirus
Read more: Car dealership beats security password sprawl with Centrify
Every system – from end-user workstations to servers – should have antivirus software which runs full time, performs real-time scanning of all traffic and files, regularly scans the system and checks for updates multiple times per day.
A single system running without antivirus is an easy target for malware to find its way into your network.
Endpoint protection
Some of you may remember the phrase, 'Garbage in, garbage out'. That's a computer and so true if you give someone local admin rights when they shouldn't.
There is so much damage one person can do that you need to take steps to prevent it.
Augment your antivirus software with endpoint protection to prevent users from connecting unapproved USB devices and enforce encryption on approved devices so that when they are lost, you don't have a data leakage scenario to deal with.
Nothing should get in or out of your network without you knowing.
Web monitoring and filtering
One of the biggest risks to your 'castle' can come from unrestricted Internet access. With your users able to go to any website, you have opened the gates so that anything can come or go as it pleases.
You don't have to be in a state of siege to protect your systems, but you should have strong web monitoring and filtering in place so that if anything tries to sneak in or out, you can stop it before any damage can be done.
Given the malware threat, having a web filtering solution that can use multiple antivirus engines to scan downloads is a great way to minimise your risks.
Messaging hygiene
Another way the barbarians try to get through the gates is through email. Whether it is spam, targeted phishing attacks or malware laden attachments, email is a prime attack vector and has been implicated in many of the most prominent attacks of the past few years.
To defend your realm you must protect your email systems and your users from all of these.
Deploy a messaging hygiene solution that scans for spam, phishing, and malware, and look for one that again uses multiple anti-virus engines for the most effective defence against email-borne threats.