There is no silver bullet cyber security solution.
According to Network Computing, defense in depth is: “The practice of layering defenses to provide added protection. Defense in depth increases security by raising the cost of an attack. This system places multiple barriers between an attacker and your business-critical information resources: The deeper an attacker tries to go, the harder it gets. These multiple layers prevent direct attacks against important systems and avert easy reconnaissance of your networks. In addition, a defense-in-depth strategy provides natural areas for the implementation of intrusion-detection technologies. Ideally, the defense-in-depth measures you implement should buy you time to detect and respond to a breach, reducing its impact.” (Brooke Paul, Jul 01, Security Workshop at Network Computing)
Defense in depth was originally a military technique intended to delay, slow, and discourage an attacker. Using countermeasures to protect vital assets, the defense in depth strategy attempts to create specific protection mechanisms of identified areas that are known to be weak, vulnerable, and easy to attack. For defense in depth to work, it must include people, technology, and operations.
Most important starting point to begin the work – Baseline
A defensive plan is a process; it is not a single event. Constant improvement is required, because the attack vectors keep changing every time a new vulnerability is discovered. The process includes the following:
- Create or recognize your baseline. Audit what you have. Documenting it will establish that baseline and allow you to show progress when you make changes.
- Understand your policies. Policies are vital; they need to be written down and formalized. Too often we find companies that have “unwritten” policies.
- Implement your policies in your environment. Employees and contractors need to be formally trained as to what the policies are.
- Identify your network components. Try to identify all the devices on your network. Look for those forgotten devices like the modems that were used during commissioning and left in place – just in case – and then forgotten.
- Compare your as-built to the baseline. Use change control to update your network maps.
- Identify improvements to your network. Look for the vulnerabilities in your system. What needs to be upgraded, what needs to be patched, what changes need to be made into policies, etc.
- Then prioritize and implement those changes.
- The last step is to go back to the beginning and start all over again with re-establishing your baseline.
Defense-in-depth is a layered approach to defending any systems. It requires developing defenses for all systems and subsystems including security management, physical security, network security, hardware security, and software security.
Lets learn more about each layers in upcoming blog posts.