Let’s talk about layers. Trees have them, your sandwich has them, even the earth’s crust has them. Does your cybersecurity have them? If you’re not thinking about defense in depth layers as a comprehensive, advanced technical control system for your networks and data, SCALABLE Network Technologies thinks you’re already behind. Security layering is both important to implement and complex to manage. Let’s explore why SCALABLE thinks your organization needs layering as well as a simulation system to oversee those layers.
Defense In Depth and Its Relation to Risk Management
First, let’s dive into what security experts mean when they talk about layers, or defense in depth. Defense in depth is an assurance strategy for IT systems originally developed by the National Security Association, and named after a well-used military tactic involving averting an enemy offensive using barriers. Employing defense in depth involves a few core tactical elements. For one, there’s the concept that defense in layers creates redundancy in case of failure. Next stands the concept that multiple defense layers minimize the probability of a breach by requiring more time, effort, and complexity on the part of a would-be attacker, acting as a deterrent. Related to this point – and most importantly – is the idea that if an attack cannot be prevented, it can at least be delayed to allow more time on your side for effective detection and response. For many this last idea may seem like a departure, as it represents a divergence from past conventional thinking – a move toward risk management thinking.
The concept of risk avoidance used to be a primary cybersecurity strategy. Now, aiming for total imperviousness seems like a luxury at best or foolish at worst. Risk management is the name of the game now, for a couple of broad reasons. First, cyber attacks have become more advanced and hackers more sophisticated. Malware is easier to deploy and phishing is more common than ever before. Ransomware, data breaches, email spoofing, man-in-the-middle attacks, typosquatting, domain hijacking, zero-day exploits, advanced persistent threats – there is a new villain every day. Second, network systems are changing in a way that increases vulnerability. In the days of physical data centers, a basic firewall combined with some physical security like badges and door locks would do the trick. Now, information stored online and in the cloud creates new, mounting risks. Throwing web apps, mobile work, and the Internet of Things into the mix means a whole new digital ball game: the pace is fast and the scope is large. A single vulnerability could be exploited in many ways, and the stakes are sky high. If a firewall is penetrated, is the entire network compromised? Risk avoidance meant assuming countermeasures created assurance and protection. Instead, cybersecurity experts like those at SCALABLE urge a risk management stance, where protection against all threats all the time becomes unreasonable. In this view, the goals of a cybersecurity strategy shift from total security toward mitigating risks – slowing them down until they are no longer threatening. The idea is similar to when a football team has the ball. The possessing team never supposes that the opponent will not charge after the ball; the team simply creates a defensive line strategy that creates enough time and space for their quarterback to operate smoothly. So, what’s the best way to create that quarterback pocket for an organization’s IT and communication to thrive?
What’s the best scheme to guard the privacy and accessibility of a given network and its data? How can operators and planners determine the optimal configuration for their network?
Why Layers are the Answer
Perhaps the most difficult aspect of following cybersecurity best practice – or any best practice – is that it’s a moving target. Methods and tools are constantly evolving. The good news is that defense in depth takes this into account. The approach presupposes that no single technique can shield against every type of attack. Defense in depth means securing each potential point of compromise using several varying – and sometimes overlapping – methods. Depending on multiple levels of defense decreases the pressure on each individual level and increases overall peace of mind. At that point, one of the primary challenges becomes evaluating the different levels, testing them, and adjusting them on the fly confidently.
Let’s look at an example to understand how different tiers can come together to protect a network, but also how such a method may create operational obstacles. For network security, if a firewall is penetrated, the offender can be detected and stopped using an Intrusion Protection System (IPS). If this second layer fails, the attempted malware install can be removed by an antivirus platform. A firewall, IPS, and antivirus software work together as three layers of security greater than the sum of their cyber-parts. A web security example may look a little different, where a protection plan might translate into using a web application firewall alongside antivirus and antispam security tools. So, in creating a top-notch cybersecurity network, different components must now be managed in sync – IPS, firewall, antivirus, and antispam in this case.
This approach may lead some to believe that too many security layers generate problems or gaps; however, SCALABLE posits that, by using modeling and simulation as an additional layer, these concerns can be mitigated. By creating a network digital twin, all aspects of the system can be tested and all personnel can be trained in a safe environment. The interactive twinned system allows for pinpoint evaluation of performance, scalability, and resilience. It’s a layer that can be wrapped around all others to ensure high performance. After all, depth of defense is not a specific set of tools deployed in a certain way; it’s a philosophy toward how security investments should be optimized and adjusted – so every system is unique.
Organizations need to first evaluate, then decide on the best custom set of layers for protection. The initial step is to audit all devices, files, applications, and personnel. Then, assess vulnerabilities based on importance. Isolate the most crucial data and prioritize its storage and access. Next, investigate which security layers you need to manage risk most effectively. This will likely involve data integrity solutions, behavioural analysis, endpoint detection, and secure web gateways. The situation may also call for a combination of patch management, backup and recovery measures, principle of least privilege implementation, encryption, and network segmentation. It may even result in Security Information and Event Management or Identity and Access Management programs.
While this process may seem overwhelming, this is where SCALABLE’s modelling programs come in. With SCALABLE, a cybersecurity team can appraise all options using modelling and simulation of the system before a single dollar is spent. Because the modelling is interactive, teams can even adjust for different configurations to see how different aspects will respond. As new protocols, technologies, and demands arise – from 5G to IoT to V2X – the system can always adapt and evolve smoothly because all outcomes will have been tested and simulated beforehand.
Where single lines of defense and risk avoidance used to be a reliable recipe for cybersecurity, moving confidently into the future means baking in layers of security using a depth of defense approach that aims instead for risk management. As the layers of a company’s security grow, SCALABLE serves cybersecurity efforts to ensure their partners are using the easiest way to analyze, verify, and optimize their cybersecurity network.
To learn more about SCALABLE’s network modelling and cybersecurity solutions, visit them at scalable-networks.com.