
Partner Perspectives (sponsored)
1/18/2018, 12:30 PM
Chris Park

Applying Defense-in-Depth to the Digital Battlefield

How a layered security strategy can minimize the threat and impact of a data breach.

Defense-in-depth is a concept born on the battlefield, in a time where the greatest threat to an organization’s security was physical, not digital.

The challenge with defending the front lines of attack in the modern age is that on today’s virtual battlefield, the enemy is constantly advancing. Malware itself is now sold as-a-service on the Dark Web, giving hackers financial incentive to relentlessly evolve their tactics and exploit vulnerabilities at all levels of network access. While no approach is going to guarantee 100% security across networks and devices, there are layered strategies that can at the very least minimize the threat of network breaches while giving networks the posture to thwart data theft.

Start at the Perimeter
You often hear about how the distributed nature of modern organizations has blurred the enterprise network perimeter, but there are still defenses that plug holes in the process. This perimeter security traditionally starts with firewalls, which evaluate packets of data entering and leaving the network based upon pre-determined access control lists.

Secure web gateways (SWGs) are then generally implemented behind this perimeter within the network to go a step beyond firewalls, assigning contextual information to the complete file or activity that can help better identify – and stop – malicious actors before they reach sensitive content or end users. Gateways provide a horizontal defense-in-depth strategy in that the most effective ones marry a slew of defense functionalities into one platform. For instance, the SWG might act as the web proxy for users sharing the network, dictating compliance settings and network protocols to all users accessing data over that network entry point.

So, while incomplete pieces of the file might make it past the firewall via non-flagged data packets, the gateway proxy will look at the complete file, take it apart, and evaluate it in-depth based upon predetermined access settings. Additional features like sandboxing, which take entire files and allow them to play out in simulated network environments to flag for malware, should also be included to compensate for threats that might not be known by existing filtering solutions.
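The packet-versus-file distinction above is the one concrete technical point in this section, so here is an added illustration (not code from the article or from iboss): a per-packet check misses a known-bad byte pattern that straddles a packet boundary, while a proxy that reassembles the complete file sees it. A third, stateful variant shows how a packet-level filter can be hardened by carrying an overlap between packets. The marker, packet sizes and sample "file" are all constructed for the example.

```python
from typing import Dict, List

# Constructed stand-in for a known-bad byte pattern a filter would look for.
SIGNATURE = b"EVIL_MARKER"


def split_into_packets(payload: bytes, mtu: int) -> List[bytes]:
    """Chop a file into fixed-size chunks, the way a transport would."""
    return [payload[i:i + mtu] for i in range(0, len(payload), mtu)]


def packet_filter_flags(packets: List[bytes], signature: bytes = SIGNATURE) -> bool:
    """Firewall-style check: each packet is inspected in isolation."""
    return any(signature in pkt for pkt in packets)


def proxy_flags(packets: List[bytes], signature: bytes = SIGNATURE) -> bool:
    """Proxy-style check: reassemble the whole file, then inspect it."""
    return signature in b"".join(packets)


def streaming_flags(packets: List[bytes], signature: bytes = SIGNATURE) -> bool:
    """Stateful per-packet check: keep the last len(signature)-1 bytes of the
    previous packet so a pattern split across two packets is still matched."""
    carry = b""
    overlap = len(signature) - 1
    for pkt in packets:
        window = carry + pkt
        if signature in window:
            return True
        carry = window[-overlap:] if overlap > 0 else b""
    return False


def compare(payload: bytes, mtu: int) -> Dict[str, bool]:
    """Run all three checks over the same file split at the given packet size."""
    packets = split_into_packets(payload, mtu)
    return {
        "packet_filter": packet_filter_flags(packets),
        "proxy": proxy_flags(packets),
        "streaming": streaming_flags(packets),
    }


# Constructed sample file: with mtu=8 the marker is split as "EVIL_MAR" | "KER".
SAMPLE = b"HEADER--" + SIGNATURE + b"--TRAILER"

if __name__ == "__main__":
    print(compare(SAMPLE, 8))   # packet_filter misses it; proxy and streaming catch it
    print(compare(SAMPLE, 64))  # one packet holds the whole file, so all three flag it
```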

Incorporate User-level Defenses
Endpoint security takes defense in depth to the user level, complementing defenses at the gateway. This is software that users install on devices to detect viruses should they sneak past the defense at the network perimeter. The settings at the gateway will help complement these endpoint defenses by coordinating with device and user registries to ensure that individuals accessing sensitive network data actually have the proper permissions.

In addition, identity and access management software helps change users' bad habits by safely collecting sensitive log-in credentials to provide Single Sign-On (SSO) across applications. This is a more secure and convenient alternative to forcing users to create and record unique passwords for all programs and access points – or worse, recycle their credentials across platforms.

The number of defenses that networks can employ is virtually endless, so organizations need to be wary of adopting more solutions than their teams can handle. When security teams are juggling management portals, it’s more likely that one area of the defense strategy will get overlooked. Teams should seek out solutions that give them holistic insight into network traffic so they’re in the best position to monitor the front lines of cybersecurity.

Chris Park brings more than 13 years of experience in corporate network security to his position as CIO at iboss, where he is responsible for creating and driving the company's IT strategy. As resident expert in all aspects of iboss solutions and infrastructure, Chris is ...