What is a Defense in Depth Strategy?

Administrative

Administration forms a baseline layer for an effective DiD strategy. The policies and procedures are essential frameworks and guidelines for achieving layered security that fit with your company and industry sector. Examples include policies on incident response and procedures to mitigate a ransomware attack.

Physical

Protecting assets from physical breaches is as important as cyber measures. Assets like servers and data centres must have physical protection to prevent cybercriminals from entering rooms containing essential IT resources or accessing computers to steal data or wreak computing resources.

Technical

Technical security measures comprise a combination of solutions addressing specific exploit points. For example, email filtering, web application firewalls, and identity management are all technical layers that work alongside physical and administrative layers to build a Defense in Depth. Some of these measures may be part of a unified system that consolidates various security solutions under a single service.

Prevent Multiple Types of Cyberattacks

There are many types of cyberattacks, each of which uses specific vectors, often involving multiple components in a complex chain of attack. The tactics, techniques, and procedures (TTPs) of a cyberattack encompass a wide range of methods to compromise and infiltrate a company and its personnel. Using a DiD approach means that an organization has broad coverage against many types of TTPs. Additionally, Defense in Depth establishes fallback positions in case one of the security measures fails.

Meet Regulatory Compliance

By using a DiD approach to security, a company effectively creates a robust security posture. Data protection regulations and standards mandate this layered approach to security, which incorporates human-centric and policy-based measures.

Reduce the Cost of a Cyberattack

Cyberattacks are expensive to a company. The costs include damage to IT resources, downtime, data theft, loss of intellectual property, ransoms, regulatory fines for noncompliance, and reputation damage. The average cost of a data breach is $4.88 million, and the median cost of a ransom is $200,000. Defense in Depth provides the most effective way for an organization to mitigate cyber threats and, therefore, help to reduce the costs of a cyberattack.

Operational Security

To begin the process of developing and implementing a DiD strategy, a company must create a series of policies and processes, including the following:

• Policies and procedures use frameworks such as the NIST Cybersecurity Framework (CSF) to help establish a plan of action and what policies and procedures to use.
• Incident response must be based on a strong and clear policy on how to deal with incidents, which helps to establish rules of engagement and procedures that can be followed in the event of a security incident.
• Data analyticsallow you to predict threats and optimize operations and defenses. Vendors like Databricks provide data analytics engines for cybersecurity.
• Vendor risk management is essential to prevent supply chain attacks.

Network Security

The following technologies and measures are typically used to provide robust, layered protection:

• Firewalls and web access firewalls (WAFs).
• Intrusion Prevention (IDP) to identify and prevent external attackers.
• Network segmentation and zero-trust network access (ZTNA) help isolate areas of a network, thereby mitigating broader attacks.
• VPNs or alternatives for remote employees for secure network access.
• Continuous monitoring of network traffic and behavioral analysis of employee actions.
• Patch management regularly, and as patches become available

Data Security

Data is challenging to protect across disparate and hybrid environments. Compounding protection is remote working, who need to create and share data from remote locations outside the corporate defenses. The following technologies are part of a Defense in Depth security strategy:

• Visibility tools to identify SaaS apps where data is created and likely to be shared
• Classification is essential to set effective access management and security policies.
• Access management is dictated by the classification of data and by the roles of employees accessing that data. The principle of least privilege and zero standing privileges helps to mitigate data theft and loss.
• Encryption of data during storage and sharing.
• Data masking to obfuscate sensitive data and enhance privacy.
• Backup and recovery to ensure a fast recovery from attacks like ransomware.

Endpoint Security

Endpoints include mobile devices, laptops, Point of Sale (PoS), printers, IoT devices, and so on. Protection of all endpoints ensures that the corporate perimeter extends to cover the entire potential attack surface:

• Endpoint protection includes encryption, next-generation antivirus (NGAV), and identity management (usually as a unified endpoint security solution).
• Endpoint Detection and Prevention (EDR) provides visibility across all endpoints and monitors these endpoints looking for potential cyberattacks.
• Access controls and multi-factor authentication (MFA) are essential to the secure access and sharing of data across endpoints.

Application Security

Applications are exploited by cybercriminals who look to steal data and take control of applications:

• Mobile Device Management (MDM) is used to manage mobile device use and security. MDM will ensure that lost or stolen devices are remotely wiped and enforce security policies that prevent the installation of unauthorized shadow IT apps.
• Measures that prevent vulnerability exploitation, such as SQL injection and Man in the Middle (MitM) attacks, should be enforced.
• Distributed Denial of Service (DDoS) attack prevention.
• API security protects the connections between applications.

Human-Centric Security

The majority of cyberattacks have a human element, according to Verizon. Employees and customers should be guided on security risks and how to prevent data leaks and other security incidents:

• Employee training is provided by security awareness training programs that educate employees about a multitude of risk areas. Modules include safe internet use, phishing attacks, mobile device security, and data protection.
• Phishing simulation exercises are typically offered as part of a security awareness training program. Fake phishing emails are regularly sent to employees to train them to identify and handle phishing attacks and how to report an incident.

Physical Security

Physical IT resources are also part of a comprehensive Defense in Depth approach to security. Physical resources, such as data centers, computers, and servers, must be protected from unauthorized access and harm using methods like biometric access control.