As the use of technology increases in every facet of our daily lives, the rate of cyber attacks also grows rapidly. In today's world, organisations need to be well equipped in their defences against cyber attacks so that they can better protect their assets, and this is where the defence in depth approach is adopted.
What is a defence in depth strategy?
Defence in depth is an approach in cybersecurity that relies on layered and redundant defensive mechanisms to protect assets from cyber attacks. The aim is that if an attack occurs and one security measure fails, or a vulnerability is exploited, there is a fail-safe or backup security layer to stop further infiltration.
This model is comparable to a medieval castle with solid defences. Just as a castle has strong walls, moats and a portcullis to keep out intruders, a cyber security infrastructure should use multiple layers of protection to keep data safe from attackers.
This intentional redundancy forms a stronger security posture and protects company assets from a variety of attacks.
Defence in depth example
If a person has a safe inside a bank, accessing that safe requires the person to pass through multiple layers of security. The person would first walk through a metal detector, their ID would be checked to verify their identity, they would be made to sign a document, CCTV cameras would be monitoring them, an alarm system would be present to detect unusual activity and threats, the safe itself would be locked and only the owner would have the key, and so on.
This kind of layered security is how defence in depth is implemented. In information security, DiD requires layering security mechanisms and solutions to protect against, detect and respond to attacks on a system. Each of these mechanisms, as stated above, should be fully tested before and during implementation.
Why is the defence in depth approach important?
As is often said in cybersecurity, nothing is one hundred per cent secure, and there is no silver bullet. Nevertheless, companies can always do their best to implement security measures for maximum protection. Using a defence in depth approach helps organisations achieve a much higher level of security, because protection is redundant and there is no single point of failure.
Implementing a proper defence in depth approach significantly increases the complexity and time required to carry out a successful attack and compromise the network. The added complexity further drains the attacker's resources, and because of the additional security tools and solutions, the chances of a cyber attack being identified and remediated before it completes also increase.
Defence in depth and military strategy
Defence in depth in computing is inspired by a military strategy, but the two are quite different in their respective domains. The military version revolves around having a weaker perimeter defence and deliberately yielding ground to buy time, envelop, and ultimately counter-attack an opponent. In contrast, the information security approach involves multiple layers of controls but does not deliberately cede ground.
Defence in depth was originally a military strategy in which troops would delay the enemy's advance rather than trying to defeat it with a single line of defence. The same holds in the cyber world, where having multiple defences may be sufficient to stop cyber attacks.
What are the modern cybersecurity challenges?
With the shift towards digitalisation increasing daily, new cybersecurity threats are discovered rapidly, and these require ever more advanced technical controls to keep organisations safe.
The use of cloud computing and big data has increased tremendously, and cloud service providers need to be extra vigilant to protect their customers' data. Social engineering is a threat that continues to grow swiftly; users fall victim to phishing scams and expose the company's sensitive assets to attackers.
New zero-day exploits become available on the internet for anyone to use in an attempt to compromise a company's assets. With the use of anonymity tools, attackers can stay hidden and sell sensitive private data on the black market.
Also, because online presence has become a major factor, it is quick and easy for news of a company's data breach to become a headline and negatively affect its reputation.
Common issues in cybersecurity strategies
The common issues in cybersecurity strategies are:
- According to IBM, identifying and discovering malicious activity takes time (on average, 200 days)
- Employees are not trained and fall victim to social engineering and phishing attacks
- Patch management practices are not followed
- Security policies and procedures are not developed, implemented or communicated across the organisation
- Exposed endpoints without endpoint protection
- Insecure encryption or a lack of sound encryption practices
- Insecure VPN configurations
- Physical security vulnerabilities
How does defence in depth work?
A layered approach to security can be implemented at all levels of computing and IT systems. From a single laptop to a complex enterprise network of many nodes and assets, defence in depth can significantly improve the security posture and profile.
When defence in depth is in use, a cyber attack has to be stopped by multiple independent methods; this means the implemented security tools and solutions protect the asset over its entire life cycle rather than at a single point in time.
As cyber attacks become more sophisticated and complex, a single solution cannot offer protection against all possible attack vectors. Hence the security team needs to apply defence in depth across all IT assets.
Companies must protect physical devices (for example, with hard disk encryption), protect communications from attacks such as man-in-the-middle, protect web applications from attacks such as injection and broken access control, and protect the network layer from attacks such as spoofing or poisoning and domain hijacking.
A sample defence in depth diagram representing the various defensive security components looks like this:
To protect against all these cyber security threats and more, organisations must implement a range of security mechanisms and solutions, including firewalls, endpoint data protection solutions or antivirus, intrusion detection systems, intrusion prevention systems, data encryption, physical controls, file integrity monitoring solutions, logging and event monitoring solutions and, most importantly, user awareness and training.
What are the layers of defence in depth?
Like other approaches, the defence in depth approach recognises that achieving complete security is not practical; instead, creating many effective obstacles that slow down an attacker until the threat is no longer a risk or danger is the best way to secure a company's assets.
The defence in depth architecture uses multiple layers and controls to protect an asset's administrative, technical and physical components.
Administrative controls: These include the documented policies and procedures relating to the organisation's processes that guide users in managing, maintaining and implementing security measures.
Technical controls: These include the technical controls that security teams should implement on all assets, such as secure configurations, network segmentation, cyber security products (for example, web application firewalls, network firewalls, spam filters and antivirus solutions), system hardening and so on. Segmentation is often achieved through network switches or firewall rules.
Physical controls: These include physical infrastructure protection such as installing CCTV cameras, locks, security guards, access controls and so on.
Apart from these essential security layers, organisations can also use additional security layers to protect individual components of an asset.
Access measures: These include ensuring that access is granted only to the right user, for example through biometric verification, virtual private networks, authentication controls, time-limited access, privileged access management and so on.
Workstation defences: These include using solutions such as anti-spam or anti-virus software.
Data protection: These include securing data both at rest and in transit; this can be done using encryption software, hashing, secure transfer protocols and so on.
Perimeter defences: These include protecting a company's network perimeter using intrusion detection systems (IDS), intrusion prevention systems (IPS) or edge firewalls.
Monitoring and prevention: These include logging and monitoring all security incidents and events using SIEM solutions, performing vulnerability assessments and training staff to defend against social engineering.
Threat intelligence: This includes monitoring threat data feeds to stay up to date on the latest indicators of compromise (IoCs), known threat actors, and their tactics, techniques and procedures.
What are the four steps in the defence in depth IT security model?
The four steps in the defence in depth IT security model are:
1. Perimeter security
This layer is the outermost and sits at the edge of an organisation's network; it is what separates the organisation's network from the public internet. When a threat strikes, this layer is the first to respond. The perimeter security layer should have a robust next-generation firewall capable of separating legitimate network traffic from malicious traffic without affecting the user experience. This firewall is the gateway for everything that enters and leaves the company's network, so it should be configured optimally. For web applications in a DMZ, a web application firewall should be deployed to protect against attacks aimed at the web server, and for an email server, organisations should implement an email security gateway. This layer covers all public-facing assets of an organisation.
2. Application security
The next layer is application security. If a threat has made its way past the perimeter security, it will hit the application layer security next. This covers all security mechanisms implemented on a company's applications. An attacker should not be able to make their way through the application and into the servers that host the applications.
3. Endpoint security
If an attacker can make their way past the perimeter and application security and onto the server machines, organisations should have security in place at the server level. This security is commonly implemented through endpoint data protection solutions or antivirus solutions.
4. Physical security
Protection of physical assets should also be considered when implementing a defence in depth approach. Server rooms should be kept locked and only authorised personnel allowed access; organisations should install security cameras, monitor office entrances and exits, and so on.
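As an added illustration of the four-step model above (not part of the original article), the following Python model runs a request through perimeter, application and endpoint checks in turn and reports which layer stops it, including when an earlier layer has been bypassed; the blocklist, WAF signatures, allowed-character set and known-good digest are all constructed for this example.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Optional, Tuple


@dataclass
class Request:
    src_ip: str          # client address as seen at the network edge
    path: str            # requested resource
    body: str            # form-encoded request body
    authenticated: bool  # did the application see a valid session?


# Layer 1, perimeter: edge firewall blocklist plus a minimal WAF signature set.
# The blocked prefix is a constructed value from the TEST-NET-2 documentation range.
BLOCKED_PREFIXES = ("198.51.100.",)
WAF_SIGNATURES = [re.compile(r"(?i)union\s+select"), re.compile(r"(?i)<script")]


def perimeter(req: Request) -> bool:
    if req.src_ip.startswith(BLOCKED_PREFIXES):
        return False
    return not any(sig.search(req.body) for sig in WAF_SIGNATURES)


# Layer 2, application: authentication on admin paths plus strict input
# validation that does not assume the perimeter filtered anything.
FORM_BODY = re.compile(r"^[A-Za-z0-9_.=&%+-]*$")  # form-urlencoded charset only


def application(req: Request) -> bool:
    if req.path.startswith("/admin") and not req.authenticated:
        return False
    return FORM_BODY.match(req.body) is not None


# Layer 3, endpoint: file integrity check on the server; only a body whose
# SHA-256 digest is in the known-good set is processed (constructed allowlist).
KNOWN_GOOD = {hashlib.sha256(b"version=2.1&action=report").hexdigest()}


def endpoint(req: Request) -> bool:
    return hashlib.sha256(req.body.encode()).hexdigest() in KNOWN_GOOD


LAYERS: List[Tuple[str, Callable[[Request], bool]]] = [
    ("perimeter", perimeter), ("application", application), ("endpoint", endpoint)]


def evaluate(req: Request, disabled: FrozenSet[str] = frozenset()) -> Optional[str]:
    """Name of the first active layer that blocks the request, or None if every
    active layer allows it. `disabled` simulates a bypassed or failed layer."""
    for name, check in LAYERS:
        if name not in disabled and not check(req):
            return name
    return None
```

Disabling a layer in the model shows the point of the article: the same hostile request is still stopped by the next independent layer rather than reaching the asset.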
What is the difference between layered security and defence in depth?
Layered security and defence in depth are often used interchangeably, but there is a small difference between the two.
Layered security is a subset of defence in depth: it is one part of DiD and means implementing multiple layers of protection at different levels. DiD, on the other hand, also includes the various strategies for dealing with cyber incidents, such as monitoring and emergency response, disaster recovery, criminal activity reporting, forensic analysis and so on.
How do you implement defence in depth security measures?
Implementing DiD can be a tedious and resource-intensive task. Organisations should evaluate their current security profile and identify areas for improvement. They should conduct a risk assessment of their assets to identify the threats and the controls they need to implement. Best practices such as those given by standards from NIST, CIS, OWASP and others should be followed.
Firewalls, IPS/IDS, endpoint detection and response (EDR), network segmentation, access control, the principle of least privilege, password security, patch management, regular audits such as penetration testing and vulnerability assessments, and security incident logging and monitoring are some of the areas that should be addressed when implementing defence in depth.
What controls constitute a defence in depth strategy?
For a robust defence in depth strategy, the following areas should be considered.
- Effectively audit systems and assets.
- Implement behavioural analysis.
- Prioritise and isolate sensitive data.
- Use multiple firewalls and privacy controls.
- Implement endpoint protection.
- Implement incident response plans.
- Implement disaster recovery plans.
What are examples of defence in depth (application layer)?
There are many examples of DiD in action; below are the most common scenarios:
Website security: A DiD approach for a website or web application involves a combination of antivirus, anti-spam, a web application firewall, privacy controls, web server hardening and user awareness.
Network security: A DiD approach for network security involves a combination of firewalls, encryption, IPS/IDS, SIEM solutions and incident response.
A shortcoming of the defence in depth model
Many organisations fail to realise that their sensitive data may be breached through third-party or fourth-party vendors. The company's own defences may be adequate, but a cyber attack on one of these third-party vendors can still result in the company's data being breached. An example of this is the 2013 attack on Target, in which the data breach originated from the air-conditioning vendor.
New-age security issues such as third-party vendor risk management, dark web credential leaks, corporate espionage and so on are further areas organisations need to include in their cyber security roadmap.
Defence in depth is a cybersecurity strategy that implements multiple layers of protection to defend an organisation's systems and data. By implementing firewalls, antivirus software, encryption and other security measures, organisations can create a layered approach to security that helps protect them from cyber attacks. While defence in depth is an effective strategy, it is important for organisations to also keep up with new-age security threats and implement risk management strategies to protect their data.
Security breaches are happening more and more often, and they can be very costly for companies. A lot of security breaches happen because companies do not properly test their security controls. This can leave a company vulnerable to data leaks despite a defence in depth and layered approach to security.
Get in touch for an informal chat about your security goals, concerns and the ideas we can share.