Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
1/18/2018
12:30 PM
Chris Park
Chris Park
Partner Perspectives
100%
0%

Applying Defense-in-Depth to the Digital Battlefield

How a layered security strategy can minimize the threat and impact of a data breach.

Defense-in-depth is a concept born on the battlefield, in a time where the greatest threat to an organization’s security was physical, not digital.

The challenge with defending the front lines of attack in the modern age is that on today’s virtual battlefield, the enemy is constantly advancing. Malware itself is now sold as-a-service on the Dark Web, giving hackers financial incentive to relentlessly evolve their tactics and exploit vulnerabilities at all levels of network access. While no approach is going to guarantee 100% security across networks and devices, there are layered strategies that can at the very least minimize the threat of network breaches while giving networks the posture to thwart data theft

Start at the Perimeter
You often hear about how the distributed nature of modern organizations has blurred the enterprise network perimeter, but there are still defenses that plug holes in the process. This perimeter security traditionally starts with firewalls, which evaluate packets of data entering and leaving the network based upon pre-determined access control lists.

Secure web gateways (SWGs) are then generally implemented behind this perimeter within the network to go a step beyond firewalls, assigning contextual information to the complete file or activity that can help better identify – and stop – malicious actors before they reach sensitive content or end users. Gateways provide a horizontal defense-in-depth strategy in that the most effective ones marry a slew of defense functionalities into one platform. For instance, the SWG might act as the web proxy for users sharing the network, dictating compliance settings and network protocols to all users accessing data over that network entry point.

So, while incomplete pieces of the file might make it past the firewall via non-flagged data packets, the gateway proxy will look at the complete file, take it apart, and evaluate it in-depth based upon predetermined access settings. Additional features like sandboxing, which take entire files and allow them to play out in simulated network environments to flag for malware, should also be included to compensate for threats that might not be known by existing filtering solutions.

Incorporate User-level Defenses
Endpoint security takes defense in depth to the user level, complementing defenses at the gateway. This is software that users install on devices to detect viruses should they sneak past the defense at the network perimeter. The settings at the gateway will help complement these endpoint defenses by coordinating with device and user registries to ensure that individuals accessing sensitive network data actually have the proper permissions.

In addition, identity and access management software help change user bad habits by safely collecting sensitive log-in credentials to assure Single Sign-On (SSO) across applications. This is a more secure and convenient alternative to forcing users to create and record unique passwords for all programs and access points – or worse, recycle their credentials across platforms.

The number of defenses that networks can employ are virtually endless so organizations need to be wary of adopting more solutions than their teams can handle. When security teams are juggling management portals, it’s more likely that one area of the defense strategy might get overlooked. Teams should seek out solutions that give them holistic insight into network traffic so they’re in the best position to monitor the front lines of cybersecurity. 

Chris Park brings more than 13 years of experience in corporate network security to his position as CIO at iboss, where he is responsible for creating and driving the company's IT strategy. As resident expert in all aspects of iboss solutions and infrastructure, Chris is ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26246
PUBLISHED: 2020-12-03
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
CVE-2020-29279
PUBLISHED: 2020-12-02
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
CVE-2020-29280
PUBLISHED: 2020-12-02
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
CVE-2020-29282
PUBLISHED: 2020-12-02
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
CVE-2020-29283
PUBLISHED: 2020-12-02
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.