Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Building An Effective Security Architecture: No Piece Of Cake
Newest First  |  Oldest First  |  Threaded View
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
6/20/2013 | 8:32:38 AM
re: Building An Effective Security Architecture: No Piece Of Cake
Indeed, a one and done approach is not enough. Developing a training program to match your organizationGs goals is needed. Also, meeting compliance requirements is not enough, there should be a change in culture. We also discussed about this topic on our company blog. Here is the link for all those interested: http://blog.securityinnovation...
MichaelHyatt_
50%
50%
MichaelHyatt_,
User Rank: Apprentice
6/6/2013 | 5:09:38 PM
re: Building An Effective Security Architecture: No Piece Of Cake
NAC is still mechanistic - the idea is to move from static solutions that depend on signatures and policies to intelligent solutions that can identify suspicious activities and behaviors from the network layer up through the applications and transactions...
MikeH5858
50%
50%
MikeH5858,
User Rank: Apprentice
6/5/2013 | 8:28:03 PM
re: Building An Effective Security Architecture: No Piece Of Cake
Doesn't this real-time detection/protection you describe already exist with NAC?
MichaelHyatt_
50%
50%
MichaelHyatt_,
User Rank: Apprentice
6/5/2013 | 6:37:08 PM
re: Building An Effective Security Architecture: No Piece Of Cake
The whole idea of DiD is to stop the known attacks. This is something your security stack MUST be capable of doing under any circumstances. However, that does not complete the stack, nor secure the network. That is the prevention part. In order to secure the network we also need a detection part. That requires integration of the data gathered by all the tools in place, and effective real-time analysis of that data.

Incremental hardening of the perimeter yields diminishing returns - at some point we have to accept that some attacks are going to succeed, and we have to be able to detect them in real time in order to keep them from becoming catastrophic.
scooterx8250
50%
50%
scooterx8250,
User Rank: Strategist
6/4/2013 | 8:02:02 PM
re: Building An Effective Security Architecture: No Piece Of Cake
What a load of apples and oranges!

Security architecture and 'defence in depth' are not mutually exclusive. In an architectural context it is valid to use 'defence in depth' when referring to the safeguards deployed within 'domains' (technology, operations, policy, governance, assurance, design) to protect assets from a particular category of compromise.

While I agree with the relevant portions of the ultimate paragraph in the article that advocate intelligence and strategy to be employed, the real challenge is to effectively advocate an architectural approach to enterprise management.
DarkReadingTim
50%
50%
DarkReadingTim,
User Rank: Strategist
6/4/2013 | 7:57:37 PM
re: Building An Effective Security Architecture: No Piece Of Cake
Agree with both of your points -- I should have said Maginot Line *after* WWI, but appreciate your liking the analogy. :) With regard to DiD and layering, my goal was not to invalidate the concept -- which is theoretically practical -- but to get readers to rethink the *practices*, which these days often involve layering in the same place over and over again, while leaving some gaps completely uncovered. Thanks for the input!
--Tim Wilson, editor, Dark Reading
Mister Pink
50%
50%
Mister Pink,
User Rank: Apprentice
6/4/2013 | 6:19:17 AM
re: Building An Effective Security Architecture: No Piece Of Cake
Sorry to sound like a pedant, but there was no the Maginot Line in World War I - it was built after WW1 with a view to preventing WW2, and was an abject failure, as those pesky Germans just drove around it through Belgium! (So in this respect your analogy is good)

More to the point, your summation that 'defence in depth' is simply a pokemon inspired collection of all the different products out there is not really fair.

Defence in depth is more about the layering of controls, some of those might take the form of magical pizza box appliances sure, but the important part is the things like policies, encryption, training, monitoring, separation of duties, centralised logging, log checking, patching process, change management etc blah blah blah.

The confusion (and the key to the problem) is to do with the fact that this industry is lead by vendors who can't make money by selling advice, system integrators pretending to be consultants who are driven by sales of boxes rather than knowledge and customers who are simply plumbers who got architect in their job title because it was cheaper than giving them pay rise. - On and let's not forget the fact that clowns like JLUIGGIJ1G are given students, even though they are still waffling on about 'The Perimiter' in 2013!!
JLUIGGIJ1G
50%
50%
JLUIGGIJ1G,
User Rank: Apprentice
6/3/2013 | 9:27:44 PM
re: Building An Effective Security Architecture: No Piece Of Cake
Hi,

When i speak about security with my students, the first thing I talk about is to understand the perimeter (I mean the whole architecture) we have to manage.

The "layering" is used but within the architecture, the latter drives the former.

Regards.


Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-1177
PUBLISHED: 2021-06-23
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2011-1942
PUBLISHED: 2021-06-23
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2011-1955
PUBLISHED: 2021-06-23
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2011-2926
PUBLISHED: 2021-06-23
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2020-20389
PUBLISHED: 2021-06-23
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php.