Defense in depth explained: Layering tools and processes for better security

What is defense in depth?

Defense in depth is a security strategy in which multiple security tools, mechanisms, and policies are deployed in tandem on the assumption that if one fails, another will hold. Rather than, say, relying solely on a firewall to keep hackers out of a corporate network, an organization would also deploy endpoint security software and intrusion detection systems (IDS) to spot any attacker who manages to slip past that firewall. The intention isn’t to deploy different tools to face different specific threats: rather, a defense in depth strategy assumes that if an attacker manages to defeat or bypass one tool, the other tools will pick up the slack and fight back in a different way.

Defense in depth is sometimes called a castle approach: the image is of a medieval fortress with many moats and parapets that attackers would have to breach. The term defense in depth itself has a military origin, describing a war scenario where a weaker defending army strategically retreats into its homeland’s interior, trading space for time. This isn’t how cyber defense in depth works, though: at no point do defenders intentionally cede control of any systems to an attacker (as they would when using a honeypot). Instead, you should imagine an attacker running into a relentless series of defenses, with new ones popping up every time an old one is defeated. And each of those tools is built assuming that it will be the last one standing. As Michael Howard and David LeBlanc memorably put it in the book Writing Secure Code: “If you expect a firewall to protect you, build the system as though the firewall has been compromised.”

Why is defense in depth important?

Defense in depth is important because the traditional perimeter defense model is untenable on its own. A perimeter defense philosophy throws as many resources as possible at preventing an attacker from gaining any foothold in the network, hardening its outer edge with firewalls and protecting individual machines behind it. This idea of network protection has become increasingly disconnected from reality: work-from-anywhere and extensive use of public and private clouds have made it more and more difficult even to define where the perimeter that needs protecting is.

That doesn’t mean that an organization implementing a defense in depth strategy should abandon firewalls and other perimeter defenses. Rather, it must recognize that a firewall, like any other individual security tool, can almost always be breached by an attacker who is skilled and determined enough, and that network assets are too valuable to be left defenseless when that happens. Defense in depth is important because we live in an environment where you have to assume that you can be breached at any time, and even your backup defensive tools need backups.

In many ways, defense in depth dovetails with another increasingly popular cybersecurity philosophy, zero trust. A zero trust architecture is built around the idea that no user or device is trusted simply because it is on the network: each one should be continually challenged and monitored to ensure that it is what it claims to be and is allowed to do what it is trying to do. This philosophy requires an underlying defense in depth infrastructure of security tools and policies that are capable of keeping tabs on everything interacting with and on the network.
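The following is an added example, not code from the article or from any product it mentions, that puts the Howard and LeBlanc principle quoted above ("build the system as though the firewall has been compromised") and the per-request verification of zero trust into a single service-side authorization routine. The network allowlist standing in for the firewall is one layer, an HMAC-signed bearer token is a second, and a role policy is a third; a request is allowed only if every layer holds, and a request that got past the network layer without a valid identity is raised as an alert for the detection layer. The signing key, token format, address ranges, role policy and sample requests are all constructed for the demonstration.

```python
"""Layered request authorization written as though the perimeter has already been
breached. All constants and sample requests below are constructed for the demo."""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Hypothetical signing key for the demo; a real service would load it from a secret store.
TOKEN_KEY = b"demo-signing-key-not-for-production"
# Layer 1: the "firewall", a constructed allowlist of internal address space.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Layer 3: constructed role policy, role -> actions that role may perform.
POLICY = {"reader": {"read"}, "admin": {"read", "write", "delete"}}


@dataclass
class Request:
    source_ip: str
    token: Optional[str]
    action: str


@dataclass
class Decision:
    allowed: bool = False
    passed: List[str] = field(default_factory=list)
    failed: List[str] = field(default_factory=list)
    alerts: List[str] = field(default_factory=list)  # signals for the detection layer


def mint_token(user: str, role: str, now: float, ttl: int = 300) -> str:
    """Issue a demo bearer token: 'user|role|expiry|hmac-sha256(user|role|expiry)'."""
    payload = f"{user}|{role}|{int(now) + ttl}"
    mac = hmac.new(TOKEN_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def verify_token(token: Optional[str], now: float) -> Optional[Tuple[str, str]]:
    """Return (user, role) for a correctly signed, unexpired token; otherwise None."""
    try:
        user, role, exp, mac = token.split("|")
    except (AttributeError, ValueError):  # missing token or malformed structure
        return None
    payload = f"{user}|{role}|{exp}"
    expected = hmac.new(TOKEN_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    if now >= int(exp):
        return None
    return user, role


def perimeter_only(req: Request) -> bool:
    """The perimeter-only model: anything inside the network is trusted."""
    return any(ipaddress.ip_address(req.source_ip) in net for net in INTERNAL_NETS)


def layered_decision(req: Request, now: float) -> Decision:
    """Evaluate every layer independently; allow only if all of them hold."""
    d = Decision()
    # Layer 1: network position is recorded but is never sufficient on its own.
    (d.passed if perimeter_only(req) else d.failed).append("network")
    # Layer 2: authenticate regardless of where the request came from.
    identity = verify_token(req.token, now)
    if identity is None:
        d.failed.append("authn")
        # An unauthenticated request that already passed the firewall is the
        # post-perimeter foothold an IDS-style layer exists to catch.
        if "network" in d.passed:
            d.alerts.append(f"unauthenticated request from internal host {req.source_ip}")
        return d
    d.passed.append("authn")
    user, role = identity
    # Layer 3: authorize the action even for an authenticated internal caller.
    if req.action in POLICY.get(role, set()):
        d.passed.append("authz")
    else:
        d.failed.append("authz")
        d.alerts.append(f"{user} ({role}) attempted {req.action}")
    d.allowed = not d.failed
    return d


def demo() -> Dict[str, Tuple[bool, Decision]]:
    """Constructed requests, each with the perimeter-only verdict and the layered one."""
    now = 1_700_000_000.0
    reader = mint_token("alice", "reader", now)
    admin = mint_token("bob", "admin", now)
    forged = reader[:-1] + ("0" if reader[-1] != "0" else "1")  # one MAC digit flipped
    cases = {
        "legit_reader": Request("10.0.1.20", reader, "read"),
        "reader_escalation": Request("10.0.1.20", reader, "delete"),
        "foothold_no_token": Request("10.0.5.7", None, "read"),
        "foothold_forged_token": Request("10.0.5.7", forged, "read"),
        "external_admin": Request("203.0.113.9", admin, "delete"),
    }
    return {name: (perimeter_only(r), layered_decision(r, now)) for name, r in cases.items()}


if __name__ == "__main__":
    for name, (perimeter, layered) in demo().items():
        print(f"{name:22} perimeter-only={perimeter!s:5} layered={layered.allowed!s:5} "
              f"failed={layered.failed} alerts={layered.alerts}")
```

Running `demo()` shows the difference the article is drawing: the perimeter-only check admits both foothold requests from 10.0.5.7 because they originate inside the network, while the layered decision denies them at the authentication layer and emits an alert. The authenticated reader who attempts a delete is stopped at the authorization layer, and the administrator calling from outside the allowlist is denied even with a valid token, because the firewall layer is kept rather than abandoned.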

Defense in depth vs. layered security

You’ll often hear the phrases defense in depth and layered security used somewhat interchangeably. Many people use them to mean more or less the same thing: as we’ve noted, a defense in depth infrastructure involves layers of security tools fighting off attackers. Those layers are obviously important, and we’ll dive into them in more depth momentarily.

Copyright © 2022 IDG Communications, Inc.
