With the continuous demand to ensure that businesses are securing the most modern technology environments, the desire to find a magical ‘one-stop’ remedy for all security problems is very common. For many, this search has taken the form of a new “blinky box” such as a firewall, SIEM, or cloud-hosted EDR. However, these quick-fix solutions don’t solve every problem on their own, and each leaves gaps that cybercriminals can exploit. With 83 percent of organizations having experienced a DDoS attack within the last two years, security is not something that can be taken lightly.
Instead of looking for a magic silver bullet for all their security needs, businesses should view security from a holistic perspective. This means focusing on building a system that reduces the impact of any one protection being bypassed. One way to achieve this is through defense in depth (DiD). The DiD mindset builds multiple layers of controls that complement each other in protecting critical data.
The way DiD works is that each security control that is bypassed is backed up by another. For example, if the firewall is bypassed, the cloud-hosted EDR backs it up. This is known as “layered security.” However, the DiD model is generally more thorough: it requires reviewing how the systems operate together in order to offer the best protection. It therefore goes a step further than simply placing one type of security control behind another.
As shown in the above diagram, having these several layers of security control creates a complicated labyrinth to navigate from the network edge into the inner sanctum. This prevents cybercriminals and attacks from easily getting through to crucial data and buys businesses time to react while an attack is under way. The controls in this method span preventive, detective and responsive types, providing multiple roadblocks for any attack.
An example of how this works is to view phishing through the lens of DiD. Phishing is an attack in which the attacker masquerades as a trusted entity in order to obtain private data such as login credentials and credit card numbers. The traditional first step to defend against an attack like this is an email gateway, which filters out phishing emails based on various sets of rules, heuristics, and other more advanced means. However, methods such as spear phishing can bypass this security control.
This security control is then supported by another called link tracking technology. Link tracking gives defenders visibility into the links that are clicked within emails, allowing a business to determine retroactively who within the organization may have visited a linked site.
Both of these are supported by user awareness training. Businesses need to educate end users on how to identify malicious emails, because phishing relies on social engineering and automated systems can struggle to recognize it.
These security controls are in turn supported by others such as automated email pullback, two-factor authentication, browser isolation, and endpoint protection software. All of these controls working in tandem create a digital fortress between cybercriminals and a business’s crucial data. This shows how different mechanisms layered together create a stronger overall security posture, and why looking for that one-stop magic bullet should no longer be an option in an increasingly data-driven world.
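To make the link tracking layer concrete, here is an added example (not code from the original post or from any product it mentions) of how an email gateway can rewrite links to a tracking redirector and later answer the retroactive question "who clicked this URL?". The tracker host, the secret key, the email body and the click log are all constructed for the example; the token is an HMAC over recipient and URL so that a click record cannot be forged or re-attributed.

```python
import hashlib
import hmac
import re
from urllib.parse import quote, urlparse, parse_qs

SECRET = b"example-link-tracking-key"            # constructed; keep a real key in a secrets store
TRACKER = "https://tracker.example.internal/click"  # constructed redirector endpoint


def _token(recipient: str, url: str) -> str:
    """HMAC tag binding the recipient to the original URL, so click records cannot be forged."""
    return hmac.new(SECRET, f"{recipient}|{url}".encode(), hashlib.sha256).hexdigest()[:16]


def rewrite_links(html: str, recipient: str) -> str:
    """Replace every href in an inbound email with a per-recipient tracking redirect."""
    def repl(m):
        url = m.group(1)
        return (f'href="{TRACKER}?u={quote(url, safe="")}'
                f'&r={quote(recipient, safe="")}&t={_token(recipient, url)}"')
    return re.sub(r'href="([^"]+)"', repl, html)


def who_clicked(log_lines, target_url: str):
    """Retroactively list (timestamp, recipient) for clicks on target_url with a valid token."""
    clicked = []
    for line in log_lines:
        ts, path = line.split(" ", 1)
        q = parse_qs(urlparse(path).query)          # parse_qs URL-decodes the values
        url, r, t = q.get("u", [""])[0], q.get("r", [""])[0], q.get("t", [""])[0]
        if url == target_url and hmac.compare_digest(t, _token(r, url)):
            clicked.append((ts, r))
    return clicked


# Constructed phishing-style email as it would arrive at the gateway.
EMAIL = '<p>Please <a href="https://portal.example.net/login">sign in</a> now.</p>'
REWRITTEN = rewrite_links(EMAIL, "alice@example.com")
_href = re.search(r'href="([^"]+)"', REWRITTEN).group(1)

# Constructed tracker access log: one genuine click by alice, one entry with a bogus token.
LOG = [
    "2024-05-01T09:12:03Z " + _href[len("https://tracker.example.internal"):],
    "2024-05-01T09:15:44Z /click?u=https%3A%2F%2Fportal.example.net%2Flogin"
    "&r=bob%40example.com&t=0000000000000000",
]

if __name__ == "__main__":
    print(who_clicked(LOG, "https://portal.example.net/login"))
```

Once the gateway later learns that the URL was malicious, `who_clicked` gives the incident responder the list of users to follow up with, which is exactly the retroactive visibility the post describes.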