Many companies, while they have defenses against cyberattack, still fight to keep ahead of cyberattacks. What if your company is one of these, and could find a better way to protect your technological assets–data, applications, your network itself–from attack? Read on to learn more about “defense-in-depth” and how your company can use it to build a robust defense in all parts of your network.
Definition of Defense in Depth
Simply defined, defense-in-depth is a cybersecurity approach in which independent layers of controls are employed to build redundancy. If one control fails, another will take over. If an intrusion occurs, the bad actor can go only so far and will be dealt with before they cause serious harm. All the way from your perimeter to the most sensitive data at the core of operations, controls will keep your data and applications safe from loss and compromise. A first layer is detection, which catches anomalies and reports them to cybersecurity personnel, stopping them from intruding further into your network.
Evaluating Your Current Cybersecurity Posture
How do you know what an anomaly looks like, and whether it is a cyberattack in the making? Before making the transition to a multi-layered cybersecurity structure, knowing your current cybersecurity posture is important. One thing to consider is what a possible attack might look like. Viewing intelligence from past activity logs, especially when an intrusion occurred, should show you what unusual activity looks like. A next step is identifying your mission-critical data and applications, not to mention your most sensitive data, to determine which assets need the greatest protection and should be at the innermost layer of protection. Finally, what intrusion detection systems can you put in place to detect anomalies in usage?
Multiple Modes of Protection
A defense-in-depth system contains multiple defenses dedicated to controlling access to physical and data resources, as well as the resources themselves. Physical controls include security (say, at cloud data centers) and technical controls (firewalls and antivirus protection) defend the contents of physical systems. Administrative controls refer to policies and procedures for network security–for example, data-handling procedures and digital codes of conduct. Cybersecurity controls help maintain data integrity within a company’s network; examples of these protections include encryption at rest and encrypted backups offsite. Network monitoring of processes and of possible intrusion, along with endpoint protection, are yet more layers.
Ideally, with defense-in-depth, you can protect your systems by using multiple tools that work better than any one tool by itself. For assistance with this approach, contact your technology advisor today.