How to build the best security stack for your business
Cyberattacks can cause financial, reputational, and legal damages, leaving organizations reeling in the aftermath. In the Cost of a Data Breach 2024 study by IBM and the Ponemon Institute, the estimated average global total cost of data breaches was $4.88 million, highlighting the critical need for a robust IT security stack.
While this finding is disheartening, companies can take steps toward mitigating the fallout from data breaches by selecting effective cybersecurity tools. This blog covers certain cybersecurity technologies – firewall security, AV software, security information and event management (SIEM), and password security – that enable businesses to protect themselves from cybercriminals.
Planning your security stack is crucial in building a robust cybersecurity posture. It involves identifying your organization’s specific security needs, assessing potential risks, and determining the most effective security measures to mitigate them. A well-planned security stack should include a combination of security tools, technologies, and processes that work together to provide multiple layers of protection.
When planning your security stack, start by pinpointing your organization’s most valuable assets, such as sensitive data, intellectual property, and critical infrastructure. Understanding what you must protect is the first step in developing an effective security strategy. Then, conduct a thorough risk assessment to identify potential threats and vulnerabilities. This includes evaluating internal and external risks, such as cyber threats, human error, and physical security gaps.
Based on your risk assessment, identify the most effective security measures to mitigate potential vulnerabilities. These might include implementing advanced endpoint detection and response (EDR), cloud-native application protection platforms (CNAPP), and mobile device management (MDM). Next, evaluate the cost and complexity of implementing and maintaining each security measure.
Lastly, create a security strategy that aligns with your organization’s goals and objectives. This strategy should outline the roles and responsibilities of your security team and the policies and procedures for responding to security incidents. By following these steps when choosing your security stack, you can build a resilient defense against cyber threats and ensure the ongoing protection of your organization’s most valuable assets.
The Cybersecurity and Infrastructure Security Agency (CISA) defines firewalls as technologies that “provide protection against outside cyber attackers by shielding your computer or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network. Firewalls can be configured to block data from certain locations (e.g., endpoint network addresses), applications, or ports while allowing relevant and necessary data through.”
Firewall technologies consist of both hardware and software. Companies offering firewall products include Fortinet, Palo Alto Networks, Check Point Software, and Cisco.
While firewall protection may sound like an all-encompassing solution for building a security stack, it has limitations, which Cisco acknowledges in a publicly available article. According to the Cisco team:
“A firewall cannot prevent users or attackers with modems from dialing in to or out of the internal network, thus bypassing the firewall and its protection completely.
Firewalls cannot enforce your password policy or prevent password misuse. Your password policy is crucial because it outlines acceptable conduct and sets the ramifications of noncompliance.
Firewalls are ineffective against nontechnical security risks such as social engineering.
Firewalls cannot stop internal users from accessing websites with malicious code, making user education critical.”
Avoid too many tools: Integrating too many tools into your security stack can lead to lower profit margins, staff exhaustion, and increased vulnerability to attacks. It’s essential to balance the number of tools to optimize security without overcomplicating the infrastructure.
The United Kingdom's National Cyber Security Centre provides a straightforward explanation of antivirus (AV) software, classifying it as “a program designed to detect and remove viruses and other kinds of malicious software from your computer or laptop … Malicious software – known as malware – is code that can harm your computers and laptops and their data. Your devices can become infected by inadvertently downloading malware in an attachment linked to a dubious email, hidden on a USB drive, or simply visiting a dodgy website. Once it’s on your computer or laptop, malware can steal your data, encrypt it so you can’t access it, or even erase it. For this reason, you must always use antivirus software and keep it up to date to protect your data and devices.”
When choosing your security stack, consider the following factors to ensure a comprehensive network security stack. Because malware can wreak havoc, deploying AV software is non-negotiable. Fortunately, there are excellent AV technologies on the market – some very affordable. A recent AV review from technology news website TechRepublic evaluated a number of them and identified (among others) McAfee Total Protection, Kaspersky, CrowdStrike Falcon, and Bitdefender GravityZone as exceptionally strong options for businesses interested in this aspect of a cybersecurity tech stack.
According to the National Institute of Standards and Technology (NIST), security information and event management (SIEM) refers to gathering security data from information system components and presenting that data as actionable information via a single interface. In layman’s terms, it’s a technology that gives businesses a holistic view of security threats and helps identify anomalous user behavior, as well as when and where a breach occurred. The overall goal of utilizing SIEM tools is to help businesses quickly respond to cyberattacks and lessen the overall impact of data breaches. In addition to providing a comprehensive view of security threats, SIEM tools play a crucial role in vulnerability management by identifying and prioritizing vulnerabilities for remediation. Top SIEM tools were reviewed in another TechRepublic review, including Splunk Enterprise Security, Datadog Security Monitoring, LogRhythm NextGen, and RSA Witness.
A password manager is essential to access management and to building the best cybersecurity tech stack for your business. As referenced above, the average data breach cost is staggering – as is the time it takes to determine if an incident has occurred. According to the same IBM report, data breaches involving stolen or compromised credentials took the longest to identify and contain (292 days) of any attack vector. While credentials can get lost or stolen for a number of reasons, weak passwords or easily forgotten passwords are particularly susceptible.
Fortunately, there is recourse in the form of password managers, which allow businesses to easily create and manage strong and unique passwords. Password managers remove the need to rely on memory and give employees the tools they need to generate strong passwords. According to the 2024 Bitwarden World Password Day Survey, 54% of respondents rely on memory to ‘manage’ their passwords, a practice that inevitably leads to weak and reused credentials.
A good password manager is encrypted end-to-end, user-friendly, and available cross-platform and across browsers. It should enable teams to share passwords among colleagues easily and securely. No password manager company should be able to see a user’s vault data at any point.
Another benefit of password managers is that most offer two-factor authentication (2FA), which strengthens user security for websites and applications by utilizing a second method (the first being the password) to verify identity. This verification is typically confirmed via an emailed code, third-party authentication app, or hardware key.
While none of the technologies discussed here can stop 100% of cyberattacks 100% of the time, organizations considering an optimal security stack for business needs would be wise to start with these foundational tools.