Cyber threats are evolving. Are your controls?
Today's cyber threats are evolving and growing rapidly. Defense in depth (also called security in depth) is an approach to cybersecurity in which a number of independent defensive mechanisms are layered on top of each other to protect valuable data and information. If one mechanism fails or is bypassed, the attacker still has to defeat the next layer before the attack succeeds, and the failure of the first layer should be detected and reported. This multi-layered approach increases the security of the system as a whole and addresses many different attack vectors.
Protecting the King (Our data)
Defense in depth is also known as the "castle approach" because it mirrors the layered defenses of a medieval castle. Before you can penetrate a castle, you face the moat, the walls, the drawbridge, the towers, the battlements, and so on.
Endpoint protection, including anti-virus and firewalls, remains a critical element of comprehensive security; however, a defense-in-depth strategy is seeing significant adoption because no single control, on the network or on the endpoint, is sufficient on its own.
How do you implement defense in depth?
It is a method that seeks to reduce the exploitable weaknesses in computer systems by applying security in layers. Its main purpose is to increase the likelihood of detecting intruders and to reduce the chances that they achieve their objective.
Layer 1 (Policies, Procedures and Awareness)
- This layer establishes the directives that apply across the company: the policies and procedures that users must follow on a mandatory basis.
- We analyze which resources must be protected, who is responsible for them, what the possible threats are and how important each resource is, and finally which measures can be implemented to protect them.
Layer 2 (Physical Security):
- Installation of control posts.
- Video surveillance systems (ZoneMinder).
- Physical access control systems.
- Monitoring of user activity in the equipment rooms, including the handling of servers.
Layer 3 (Perimeter Security):
- We secure the network perimeter, the boundary between the internal network and the outside world.
- One or more of the following components are installed and properly configured:
- Firewall (pfSense)
- DMZ for externally reachable services
- Honeypot
- DLP
- IDS/IPS
Layer 4 (Network Security):
- The network is segmented by logical addressing (subnetting, with separate subnets per zone) so that a compromise in one segment does not give direct access to the others.
- One or more of the following controls are implemented:
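As an added example, not code from the original article, the following Python script models the segmentation layer above together with the perimeter rules of Layer 3: zones are subnets, the policy says which zone-to-zone flows are allowed on which ports, and the audit flags any firewall rule that would let traffic skip a layer, for example a workstation talking straight to the database. The zone addressing, the allowed-flow matrix and the rule set are all constructed for this example; a real deployment would load them from the firewall's exported configuration.

```python
"""Audit a segmented network's firewall rules against a zone policy.

Added example (stdlib only). The zone addressing, the allowed-flow
matrix and the rule set below are constructed for illustration.
"""
import ipaddress
from typing import NamedTuple

# Constructed zone plan (hypothetical addressing): one subnet per zone,
# with "internet" as the catch-all for anything outside the internal ranges.
ZONES = {
    "internet":     ipaddress.ip_network("0.0.0.0/0"),
    "dmz":          ipaddress.ip_network("192.0.2.0/24"),
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "servers":      ipaddress.ip_network("10.20.0.0/24"),
    "database":     ipaddress.ip_network("10.30.0.0/24"),
}

# Which zone-to-zone flows the design permits, and on which TCP ports.
# Everything not listed here is supposed to be denied.
ALLOWED = {
    ("internet", "dmz"):         {443},
    ("dmz", "servers"):          {8443},
    ("workstations", "servers"): {443},
    ("servers", "database"):     {5432},
}


class Rule(NamedTuple):
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    port: int     # destination TCP port
    action: str   # "pass" or "block"


def _net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def zone_of(cidr: str) -> str:
    """Most specific zone that wholly contains cidr; 'mixed' if it straddles zones."""
    net = _net(cidr)
    best = None
    for name, znet in ZONES.items():
        if net.subnet_of(znet) and (best is None or znet.prefixlen > ZONES[best].prefixlen):
            best = name
    # A non-default prefix that only the catch-all zone contains, yet overlaps an
    # internal zone, spans several zones (e.g. 10.0.0.0/8): refuse to classify it.
    if best == "internet" and net.prefixlen > 0:
        if any(net.overlaps(z) for n, z in ZONES.items() if n != "internet"):
            return "mixed"
    return best


def audit_rules(rules):
    """Return [(rule, reason)] for every pass rule the zone policy does not permit."""
    findings = []
    for r in rules:
        if r.action != "pass":
            continue
        s, d = zone_of(r.src), zone_of(r.dst)
        if "mixed" in (s, d):
            findings.append((r, "rule spans multiple zones; tighten the prefix"))
        elif r.port not in ALLOWED.get((s, d), set()):
            findings.append((r, f"{s} -> {d} on tcp/{r.port} is not an allowed flow"))
    return findings


def flow_permitted(src_ip, dst_ip, port, rules):
    """First-match evaluation of one flow, default deny, as the firewall would do it."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in _net(r.src) and d in _net(r.dst) and port == r.port:
            return r.action == "pass"
    return False


# Constructed rule set: the first three follow the design, the last three do not.
RULES = [
    Rule("any", "192.0.2.10/32", 443, "pass"),            # internet -> DMZ web front end
    Rule("192.0.2.10/32", "10.20.0.5/32", 8443, "pass"),  # DMZ -> application server
    Rule("10.20.0.5/32", "10.30.0.8/32", 5432, "pass"),   # application -> database
    Rule("10.10.0.0/16", "10.30.0.0/24", 5432, "pass"),   # workstations straight to the DB
    Rule("any", "10.20.0.5/32", 22, "pass"),              # SSH on a server exposed to the internet
    Rule("10.0.0.0/8", "10.0.0.0/8", 445, "pass"),        # blanket SMB across every internal zone
]

if __name__ == "__main__":
    for rule, why in audit_rules(RULES):
        print(f"{rule.src:>16} -> {rule.dst:<16} tcp/{rule.port}: {why}")
    print("workstation -> database direct:", flow_permitted("10.10.4.7", "10.30.0.8", 5432, RULES))
```

The two checks are deliberately separate: `audit_rules` reviews the rule set against the intended design, while `flow_permitted` replays a single flow the way a first-match, default-deny firewall would, so you can confirm that a flagged rule really opens the path before deciding how urgent the fix is.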
Layer 5 (End Device Security):
- For greater protection of LAN equipment, hardening criteria are applied to the operating system to reduce vulnerabilities in both network clients and servers.
- One or more of the following controls are implemented:
- Desktop firewall (Windows Firewall)
- Endpoint security solutions (Panda Adaptive 360)
- Update managers (Windows Server Update Services)
- HIDS/HIPS (Wazuh / OSSEC)
Layer 6 (Application Security):
- Now it is time to protect our web applications and databases, and to monitor the health of our applications.
- Controls such as the following are applied:
Layer 7 (Data Security):
- At this point we reach the king's royal escort: protecting the bits and bytes that give meaning to our work as defenders, the information itself. Controls applied here include:
- Secure deletion.
- DLP
- Encryption (BitLocker).
- PKI implementation.
- Classification of information.
- Identity and access management systems (Active Directory).
Why is defense in depth important?
Defense in depth reduces the likelihood of becoming the victim of a cyber-attack. It forces you to plan for the case in which some of your tools and solutions have already been compromised or bypassed. No tool or security measure is perfect, so be aware of their potential flaws. By layering controls, you reduce the chance that a single point of failure exposes your systems.
Summary:
While new threats are constantly emerging, the defense-in-depth strategy has proven its value over many years. Applying its core principles, together with prudent risk management, helps maintain an adequate and effective information security posture.
Defense in depth is not about implementing 500 controls that become unmanageable; the idea is to place at least one control on each line of defense, and to use automation so that when one line fails the failure is detected, corrected where possible, and immediately reported. Keeping our environment visible is the secret.
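The closing point, that a layer which fails should be noticed by the next one and reported, is easier to see in code. The following is an added example, not part of the original article or of any product named above: it correlates simplified, constructed log lines from three layers (perimeter firewall, IDS, host authentication log) by source address and reports what each source did and which layers caught it. The log formats are invented for the example; real pfSense or Wazuh/OSSEC output would need its own parsers.

```python
"""Correlate events across layers to show where a control failed and which layer caught it.

Added example (stdlib only). The log lines and their formats are constructed for this
demonstration and do not match any real product's output.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample logs: perimeter firewall (fw), IDS (ids) and host auth log (host).
SAMPLE_LOGS = """\
fw   2024-05-01T10:00:01 pass  tcp 203.0.113.9 -> 10.20.0.5:22
fw   2024-05-01T10:00:02 block tcp 198.51.100.4 -> 10.20.0.5:22
ids  2024-05-01T10:00:05 alert "SSH brute force" src=198.51.100.4
host 2024-05-01T10:00:30 sshd Failed password for root from 203.0.113.9 port 40022
host 2024-05-01T10:00:31 sshd Failed password for root from 203.0.113.9 port 40023
host 2024-05-01T10:00:32 sshd Failed password for root from 203.0.113.9 port 40024
host 2024-05-01T10:00:40 sshd Accepted password for deploy from 203.0.113.9 port 40025
fw   2024-05-01T10:01:00 pass  tcp 192.0.2.77 -> 10.20.0.5:443
""".splitlines()

# Parsers for the constructed formats above (not real pfSense/Wazuh formats).
FW = re.compile(r"^fw\s+(?P<ts>\S+)\s+(?P<action>pass|block)\s+\w+\s+(?P<src>\S+) -> (?P<dst>\S+):(?P<port>\d+)")
IDS = re.compile(r'^ids\s+(?P<ts>\S+)\s+alert\s+"(?P<sig>[^"]+)"\s+src=(?P<src>\S+)')
HOST = re.compile(r"^host\s+(?P<ts>\S+)\s+sshd\s+(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")


@dataclass
class SourceRecord:
    fw_pass: int = 0
    fw_block: int = 0
    ids_alerts: list = field(default_factory=list)
    host_failed: int = 0
    host_accepted: list = field(default_factory=list)   # accounts that logged in

    def layers_that_detected(self):
        """Layers that flagged or stopped this source. A firewall 'pass' and a lone
        accepted login are normal activity, not detections."""
        seen = set()
        if self.fw_block:
            seen.add("perimeter")
        if self.ids_alerts:
            seen.add("ids")
        if self.host_failed:
            seen.add("host")
        return seen


def correlate(lines):
    """Group events from all three layers by source address."""
    records = defaultdict(SourceRecord)
    for line in lines:
        if m := FW.match(line):
            rec = records[m["src"]]
            if m["action"] == "pass":
                rec.fw_pass += 1
            else:
                rec.fw_block += 1
        elif m := IDS.match(line):
            records[m["src"]].ids_alerts.append(m["sig"])
        elif m := HOST.match(line):
            rec = records[m["src"]]
            if m["result"] == "Failed":
                rec.host_failed += 1
            else:
                rec.host_accepted.append(m["user"])
    return dict(records)


def assess(records, fail_threshold=3):
    """Return (source, severity, message, layers_that_detected) for each notable source.
    The message names the layers that let the activity through, so the gap is actionable."""
    findings = []
    for src, rec in records.items():
        detected = rec.layers_that_detected()
        if rec.host_failed >= fail_threshold and rec.host_accepted:
            msg = f"{rec.host_failed} failed logins then successful login as {','.join(rec.host_accepted)}"
            if rec.fw_pass and not rec.ids_alerts:
                msg += "; perimeter passed the traffic and IDS stayed silent, only the host layer caught it"
            findings.append((src, "critical", msg, detected))
        elif rec.host_failed >= fail_threshold:
            findings.append((src, "high", "brute force in progress, no successful login yet", detected))
        elif rec.fw_block and rec.ids_alerts:
            findings.append((src, "info", "stopped at the perimeter; IDS corroborates: " + "; ".join(rec.ids_alerts), detected))
    return findings


if __name__ == "__main__":
    for src, severity, msg, layers in assess(correlate(SAMPLE_LOGS)):
        print(f"[{severity}] {src}: {msg} (detected by: {', '.join(sorted(layers)) or 'nobody'})")
```

In the sample, the first source is passed by the firewall and never triggers the IDS, yet the host layer (three failed and then one accepted SSH login) still catches it. That is exactly the situation the article describes: one line of defense failed, the next one reported it, and the finding names the gap so the perimeter and IDS rules can be fixed rather than just the one compromised account.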