Defense in Depth (DiD), commonly referred to as the "castle approach", has roots as far back as 216 B.C. Back then, defenders would deploy layers of defenses designed to impede the attacking army's progress, forcing it to exert and exhaust its available resources and turn back. There's your history lesson; now back to 2020.
Today it’s an approach to cybersecurity where we employ a series of layered defensive mechanisms to protect valuable data and information. If one mechanism fails, another steps up immediately to thwart an attack.
Before we continue further, and to appreciate this ideology, you have to subscribe to a very simple principle:
There is no 100% complete solution capable of protecting any environment.
We live in a digital world that has completely changed how we live, work and play. With this wonderful new digital playground, we are open to potential attacks 24/7/365. We need to ensure we have the right security in place to keep our websites, applications and networks from being compromised. Since no single method can successfully protect against every type of attack, we need to implement a defense in depth architecture.
How website defense in depth works
Setting up a layered approach to security that can be applied to all levels of IT systems is the best place to start. From the lone remote worker on their laptop editing your website from an open coffee shop WiFi network, to the visitors coming to your website from anywhere in the world, defense in depth can significantly improve your security profile.
First, we need to agree that no organization can be fully protected by a single layer of security. Where one door may be physically closed, a staff member may have left another unlocked and vulnerable to a thief in the night. In the cyberworld, hackers are very quick to find and exploit these vulnerabilities. The good news is that by using a series of different defenses together, such as firewalls, malware scanners, intrusion detection, data encryption, and integrity and file auditing solutions, you can create a fortified wall, and malicious users will move on to an easier target.
Defense in depth security
With an ever-changing landscape of security threats to contend with, security companies are continuously developing new security products to protect networks and systems. Below are some of the more common security elements found in a Defense in Depth strategy.
Network security controls
Being able to analyze the network traffic is the first line of defense in securing a network. Web Application Firewalls using EdgeServers and hardware firewalls work to prevent access to and from unauthorized networks, allowing or blocking traffic based on a set of security rules. Intrusion protection systems often work in tandem with your firewall to identify potential security threats and respond to them quickly.
Antivirus software is critical to protecting against viruses and malware. However, it is important to use a solution that does not rely heavily upon signature-based detection. Signature-based products can be exploited by intelligent cybercriminals. For this reason, it is wise to use an antivirus solution that includes heuristic features that scan for suspicious patterns and activity.
Analyzing Data Integrity
A file's checksum, which is a mathematical representation of a file that shows its frequency of use and its source, among other things in the file, can be used to check for changes. Even a small change, say a period changed to an exclamation mark, will create a different checksum value. This can be used to check against known viruses, malicious code and unauthorized changes. Incoming files that are completely unique or new to the system can be marked as suspicious for review. Data integrity solutions can also check the source IP address to ensure a file is from a known and trusted source.
User, file and network behaviors often provide insight while a breach is in progress or after it has occurred. If behavioral analysis has activated, the attack has passed the firewall or intrusion protection solutions. Behavioral analysis picks up the dropped ball and can either send alerts or execute automatic controls that prevent a breach from continuing any further. A baseline of “normal” behaviors has to be set by the organization for a website or app.
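The checks described above, sketched as an added example that is not code from the original article or from any product it describes. It assumes SHA-256 as the checksum (the article does not name an algorithm), and every file name, file content and the "known-bad" digest is constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Digest of the file's bytes (read whole here; chunk the read for large files)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map each file's path, relative to root, to its SHA-256 digest."""
    files = (p for p in sorted(root.rglob("*")) if p.is_file())
    return {p.relative_to(root).as_posix(): sha256_of(p) for p in files}


def audit(root: Path, baseline: dict[str, str], known_bad: set[str]) -> dict[str, str]:
    """Classify each file against a trusted baseline and a set of known-bad digests."""
    current = snapshot(root)
    report = {}
    for name, digest in current.items():
        if digest in known_bad:
            report[name] = "known-bad"   # matches a digest already flagged as malicious
        elif name not in baseline:
            report[name] = "new"         # never seen before: mark suspicious for review
        elif baseline[name] != digest:
            report[name] = "modified"    # content changed since the baseline was taken
        else:
            report[name] = "ok"
    # Files recorded in the baseline that no longer exist on disk.
    report.update({name: "missing" for name in baseline.keys() - current.keys()})
    return report


def demo() -> dict[str, str]:
    """Constructed sample site: one edit, one new file, one known-bad file, one deletion."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("Welcome to the site.")
        (root / "about.html").write_text("About us.")
        (root / "old.css").write_text("body{}")
        baseline = snapshot(root)
        (root / "index.html").write_text("Welcome to the site!")  # period -> exclamation mark
        (root / "upload.php").write_text("<?php /* unreviewed */ ?>")
        (root / "cache.bin").write_text("constructed stand-in for a flagged file")
        (root / "old.css").unlink()
        known_bad = {hashlib.sha256(b"constructed stand-in for a flagged file").hexdigest()}
        return audit(root, baseline, known_bad)
```

Calling `demo()` returns one status per file. The baseline is only as trustworthy as where it is stored, so it should be kept somewhere the monitored host cannot write to.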
Defense in depth tool vs strategy
In closing, it is imperative to understand the difference between a tool that employs defense in depth in its design and solution, versus the defense in depth strategy you must employ as an organization.
As an example, each of our tools is part of a layered defense strategy, from the Web Application Firewall (WAF), which looks to mitigate external attacks, to our monitors, which look for file and user behavior changes that are then sent to our Incident Response Team to remediate any security concerns.
While we boast the idea of employing a defense in depth strategy in the design of our offerings (development when coupled with our hosting solutions), we can’t say it’s the only defense in depth strategy an organization will need. The strategy involves more than our offerings. We are a complementary solution to your existing security posture, and we encourage you to contact us about how you can extend our depth in defense to your corporation's systems.