The Basics of Defense in Depth Cybersecurity
Defense in Depth is a Respected Cybersecurity Strategy. Learn What It Consists of.
Defense in depth cybersecurity is a concept in which a series of security protocols and controls are layered throughout an IT network to preserve its integrity and confidentiality. The purpose of defense in depth cybersecurity is to protect against a wide variety of threats while building in redundancy, so that if one control fails or becomes vulnerable to exploits, the others still hold.
In this article, I will dive deeper into the definition of defense in depth cybersecurity, as well as analyze some of its most common elements. So, if you want to find out more about how it works and why it would suit your enterprise network, then keep reading.
What is Defense in Depth Cybersecurity?
The notion of defense in depth cybersecurity originates from the ancient military strategy of the same name, which was famously used by Carthaginian general Hannibal Barca and the Late Roman army. The main gist of this battle tactic was to slow down the advance of an attack instead of focusing all available manpower in one strong line of defense. This is more or less how the information security practice works as well.
Defense in depth cybersecurity functions on a layered architecture that is divided into two main categories, namely control layers and security layers. In terms of control layers, there are:
- physical controls,
- technical controls,
- and administrative controls.
Concerning the category of security layers, five subcategories exist:
- data protection,
- access measures,
- system monitoring,
- endpoint protection,
- and network protection.
Elements of Defense in Depth Cybersecurity
In this section, I will go over the main elements that go into the concept of DiD. Integrating more than one of the following components into your organization’s IT environment represents an instance of defense in depth cybersecurity.
Antivirus software is the cornerstone of a holistic defense in depth cybersecurity strategy due to its ability to not only prevent but also detect and remove malware. While initially designed to combat computer viruses only (hence its name), nowadays an antivirus is a jack of all trades, defending users from Trojans, worms, spyware, adware, and other common examples of malicious code.
A firewall is another essential foundation piece of a successful approach to defense in depth cybersecurity that goes hand in hand with antivirus software nowadays. A firewall monitors both incoming and outgoing network traffic, detecting malicious activity according to a predetermined set of rules.
You might be wondering why I chose to mention both these elements under one section by now. The reason for this is simple: today’s next-generation antivirus (NGAV) software, such as our Heimdal™ Next-Gen Endpoint Antivirus, usually integrates both. Using an NGAV eliminates the need for separate modules of traditional antivirus and firewall, combining the benefits of the two and more under one convenient roof for full endpoint protection, detection, and response (EPDR).
Intrusion Prevention System
An intrusion prevention system (IPS) is a security component that monitors network traffic, preventing and detecting malicious activity. It sits directly behind the firewall and creates an additional layer of security that catches any threats that the initial barrier might have missed.
As opposed to a simple intrusion detection system (IDS), the IPS does more than just set off alarms when threats are spotted. It can also block traffic from the source, reset the connection, and drop the malicious packets. For this reason, it is also known as an intrusion detection and prevention system (IDPS).
A practical example of how this works is our Heimdal™ Threat Prevention cybersecurity solution, specifically the Network module. Heimdal™ Threat Prevention filters online network perimeter traffic at the level of the DNS, preventing, detecting, and responding to incoming cyber-threats promptly.
What is more, the module keeps a history of threats that were initially unidentified and later classified. This is critical in the detection and prevention of traffic-sniffing attacks. In addition to this, Heimdal™ Threat Prevention keeps the network perimeter safe when employees bring in their own personal devices as permitted by the office BYOD policy.
Heimdal™ Threat Prevention also comes in an Endpoint module, which greatly improves the EPDR capabilities of your defense in depth cybersecurity suite with VectorN Detection machine-learning technology. The two modules are available both separately and concurrently, depending on what your information security needs are.
While we’re on the topic of the online network perimeter, another element of defense in depth cybersecurity to consider integrating is network segmentation. The term refers to an IT practice that involves splitting a large network into multiple subnetworks that are focused on various business needs. For example, your company can have a network for human resources, one for the finance department, one for C-level execs, and so on.
Network segmentation can be implemented through either physical or logical methods. In the case of the former, the firewall can act as the subnetwork gateway to control incoming and outgoing traffic. The latter relies on network addressing schemes or virtual local area networks (VLANs). It is more effective than its counterpart, but also requires a lot more technical resources.
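The gateway rules that sit between the HR, finance and executive subnetworks described above can be written down as a default-deny, first-match policy. The following is an added illustration and not Heimdal code; the 10.10.x.0/24 address ranges, the departments and the rules are constructed for the example.

```python
import ipaddress

# Constructed addressing for the article's example departments (assumed values).
SEGMENTS = {
    "hr":      ipaddress.ip_network("10.10.1.0/24"),
    "finance": ipaddress.ip_network("10.10.2.0/24"),
    "execs":   ipaddress.ip_network("10.10.3.0/24"),
}

# Gateway policy: (source segment, destination segment, destination port or None
# for any port, action). The first matching rule wins; anything unmatched is denied.
RULES = [
    ("hr",    "finance", 443,  "allow"),  # HR reaches the finance portal over HTTPS only
    ("execs", "hr",      3389, "deny"),   # explicit RDP block, even though execs get broad access below
    ("execs", "hr",      None, "allow"),
    ("execs", "finance", None, "allow"),
]


def segment_of(ip: str):
    """Map an address to its segment name, or None if it is outside every segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def decide(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return 'allow' or 'deny' for one flow crossing the segment gateway."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return "deny"  # unknown address space never crosses the gateway
    if src == dst:
        return "allow"  # intra-segment traffic does not traverse the gateway at all
    for rule_src, rule_dst, port, action in RULES:
        if rule_src == src and rule_dst == dst and (port is None or port == dst_port):
            return action
    return "deny"  # default deny: every inter-segment flow must be explicitly allowed
```

Note that the finance-to-HR direction has no rule and is therefore denied even though HR-to-finance on port 443 is allowed; segmentation policies should be stated per direction.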
Patch management is a process that first involves scanning devices to identify missing software updates. Subsequently, the procedure continues by applying said updates to software, hardware, applications, or the operating system of the machine as soon as they are deployed by the third-party service that manages them.
Outdated applications represent a huge liability for your enterprise. On the authority of data-driven defense evangelist Roger Grimes, unpatched software was the cause behind 20 to 40 percent of breaches in 2020. In fact, Grimes ranked it the second largest threat after phishing campaigns, which sometimes exploit these very system vulnerabilities anyway.
To ensure that all security gaps are closed on time, I recommend streamlining the process with an automatic software updater such as Heimdal™ Patch & Asset Management.
When it comes to the defense in depth cybersecurity concept of password security, there are four main aspects that you should consider:
- password strength,
- multi-factor authentication,
- password hashing,
- and a password manager.
But let’s take them one at a time. Password strength determines how hard a password is to guess or how well it can hold its own against a brute force attack. Strong passwords generally contain both uppercase and lowercase letters, as well as numbers and symbols. They are not tied to easily identifiable information about the users, are not shared and are not subject to other common password mistakes.
Multi-factor authentication is a verification method that allows a user to log in to an account only after presenting two or more pieces of evidence. Popular factors include device confirmation, PIN codes, or biometric data such as facial recognition or fingerprint scanning. As for password hashing, it is a one-way process (not reversible encryption) that turns the credential into a scrambled version of itself from which the original password is nearly impossible to recover.
Finally, in terms of password managers, everyone knows LastPass is an enterprise favorite. However, there are other options available online as well, and one of them might suit your organization better. My colleague Vladimir wrote an excellent in-depth article on the four best password managers out there, so make sure to give that a read for a detailed review of each one.
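The password strength and password hashing points above, as an added example that is not part of the original article: a strength check based on length, character classes and identifiable user information, and a salted PBKDF2-HMAC-SHA256 hash that is verified with a constant-time comparison. The minimum length, the iteration count and the stored-hash format are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12          # assumed policy value
ITERATIONS = 600_000     # assumed PBKDF2 work factor


def password_strength_issues(password: str, user_hints=()) -> list:
    """Return the policy violations found; an empty list means the password passes."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        issues.append("fewer than three character classes")
    lowered = password.lower()
    for hint in user_hints:  # e.g. username, first name, company name
        if hint and hint.lower() in lowered:
            issues.append(f"contains identifiable information: {hint!r}")
    return issues


def hash_password(password: str, salt: bytes = None) -> str:
    """Hash with a per-user random salt; the salt and work factor travel with the hash."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))
```

Because the salt is random, hashing the same password twice yields two different stored strings, which is what prevents an attacker from recognising reused passwords across accounts.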
Privileged Access Management
Before diving into the topic of privileged access management for your corporate network, let’s first consider the principle of least privilege (POLP). An essential cybersecurity concept, it entails granting a user the minimum access rights that are necessary for them to pursue their daily activities. POLP is the foundation on which privileged access management (PAM) operates.
PAM is an information security defense strategy that relies on monitoring the accounts on a network and preventing the abuse of admin rights. It can be quite a time- and resource-consuming affair, which is why tools such as our Heimdal™ Privileged Access Management will make your network admin’s life a lot easier.
Heimdal™ Privileged Access Management allows network admins to easily manage user permissions, as well as approve or deny escalation requests on the go. In addition to this, our PAM solution also provides automatic de-escalation of rights if a threat is detected in the system.
The final aspect of a complete defense in depth cybersecurity strategy is cybersecurity education in the form of Internet Security Awareness Training (ISAT). This is recommended in any enterprise setting, regardless of whether the company is large, medium, or small. It should consist of three main topics:
- how to protect sensitive company data,
- how to recognize common cyber-threats,
- and what the consequences of an attack are.
By doing so, you are adding a layer of security for your company at the employee level. Human error is still very dangerous, which is why having well-informed members of staff can help you prevent critical situations.
Defense in depth cybersecurity entails multiple elements, but a minimum of two is required for the strategy to be successful. Antivirus software, firewall, intrusion prevention systems, network segmentation, patch management, password security, privileged access management, and cybersecurity education are all part of a successful approach to your corporate security.
Do you practice defense in depth in your company? Which elements do you implement for it? As always, I would love to read your opinions in the comments below!