Best Recommendation for Meeting Security Criteria
Question
After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization's security stance.
As a result of the discussion, the COO wants the organization to meet the following criteria: -> Blocking of suspicious websites -> Prevention of attacks based on threat intelligence -> Reduction in spam -> Identity-based reporting to meet regulatory compliance -> Prevention of viruses based on signature -> Protect applications from web-based threats Which of the following would be the BEST recommendation the information security manager could make?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D. E.D.
The COO's requirements indicate a need for a comprehensive security solution that can block suspicious websites, prevent attacks based on threat intelligence, reduce spam, provide identity-based reporting for regulatory compliance, prevent viruses based on signature, and protect applications from web-based threats. The information security manager must consider all the requirements and select the BEST recommendation.
A. Reconfigure existing IPS resources: An Intrusion Prevention System (IPS) is designed to block attacks by monitoring network traffic and blocking malicious activity. Reconfiguring existing IPS resources may help to enhance security, but it may not be enough to meet all the requirements stated by the COO.
B. Implement a WAF: A Web Application Firewall (WAF) is a security solution designed to protect web applications from common web-based attacks. A WAF can block suspicious websites, protect applications from web-based threats, and prevent attacks based on threat intelligence. However, a WAF may not be enough to meet all the requirements stated by the COO.
C. Deploy a SIEM solution: A Security Information and Event Management (SIEM) solution is a comprehensive security solution that can collect, analyze, and correlate security events from across an organization's infrastructure. A SIEM can help to identify and block suspicious traffic, reduce spam, provide identity-based reporting for regulatory compliance, and prevent attacks based on threat intelligence. However, a SIEM may not be able to prevent viruses based on signature and protect applications from web-based threats.
D. Deploy a UTM solution: A Unified Threat Management (UTM) solution is a comprehensive security solution that combines multiple security features such as a firewall, antivirus, intrusion detection, and prevention, VPN, and content filtering. A UTM solution can help to meet all the COO's requirements such as blocking suspicious websites, preventing attacks based on threat intelligence, reducing spam, providing identity-based reporting for regulatory compliance, preventing viruses based on signature, and protecting applications from web-based threats.
E. Implement an EDR platform: An Endpoint Detection and Response (EDR) platform is a security solution designed to detect and respond to advanced threats on endpoints such as laptops, desktops, and servers. While an EDR platform can help to prevent viruses based on signature, it may not be enough to meet all the requirements stated by the COO.
In summary, the BEST recommendation the information security manager could make to meet all the COO's requirements is to deploy a UTM solution (Option D). A UTM solution offers a comprehensive set of security features that can meet all the requirements, including blocking suspicious websites, preventing attacks based on threat intelligence, reducing spam, providing identity-based reporting for regulatory compliance, preventing viruses based on signature, and protecting applications from web-based threats.
