1/18/2018
12:30 PM
Chris Park
Partner Perspectives
Applying Defense-in-Depth to the Digital Battlefield

How a layered security strategy can minimize the threat and impact of a data breach.

Defense-in-depth is a concept born on the battlefield, at a time when the greatest threat to an organization’s security was physical, not digital.

The challenge with defending the front lines of attack in the modern age is that on today’s virtual battlefield, the enemy is constantly advancing. Malware itself is now sold as a service on the Dark Web, giving hackers a financial incentive to relentlessly evolve their tactics and exploit vulnerabilities at every level of network access. While no approach is going to guarantee 100% security across networks and devices, there are layered strategies that can at the very least minimize the threat of network breaches while giving networks the posture to thwart data theft.

Start at the Perimeter
You often hear about how the distributed nature of modern organizations has blurred the enterprise network perimeter, but there are still defenses that plug holes at the edge. This perimeter security traditionally starts with firewalls, which evaluate packets of data entering and leaving the network based on predetermined access control lists.

Secure web gateways (SWGs) are then generally implemented behind this perimeter within the network to go a step beyond firewalls, assigning contextual information to the complete file or activity that can help better identify – and stop – malicious actors before they reach sensitive content or end users. Gateways provide a horizontal defense-in-depth strategy in that the most effective ones marry a slew of defense functionalities into one platform. For instance, the SWG might act as the web proxy for users sharing the network, dictating compliance settings and network protocols to all users accessing data over that network entry point.

So, while incomplete pieces of a file might make it past the firewall in packets that are not flagged, the gateway proxy will look at the complete file, take it apart, and evaluate it in depth based on predetermined access settings. Additional features like sandboxing, which takes entire files and lets them execute in a simulated network environment to flag malware, should also be included to compensate for threats that are not yet known to existing filtering solutions.
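To make the packet-versus-file distinction concrete, here is an added Python illustration (not code from the article or from iboss) that compares a stateless per-packet check, a proxy-style check over the reassembled file, and a stateful inline scanner that carries the tail of the previous packet; the marker string and the packets are constructed sample data.

```python
# Added example: why a per-packet filter can miss what a gateway that
# reassembles the whole file catches. MARKER is a constructed stand-in for
# a content signature; the "packets" are constructed chunks of a fake file.
from typing import Iterable, List

MARKER = b"CONSTRUCTED-BAD-MARKER"  # 22 bytes, purely illustrative


def split_into_packets(payload: bytes, mtu: int) -> List[bytes]:
    """Chop a file into fixed-size chunks, as TCP segments would carry it."""
    return [payload[i:i + mtu] for i in range(0, len(payload), mtu)]


def per_packet_scan(packets: Iterable[bytes], marker: bytes) -> bool:
    """Stateless, firewall-style: each packet is inspected in isolation."""
    return any(marker in pkt for pkt in packets)


def reassembled_scan(packets: Iterable[bytes], marker: bytes) -> bool:
    """Proxy-style: rebuild the complete object, then inspect it."""
    return marker in b"".join(packets)


def streaming_scan(packets: Iterable[bytes], marker: bytes) -> bool:
    """Stateful inline scanner: keeps the last len(marker)-1 bytes of the
    previous packet so a marker straddling a boundary is still found without
    buffering the whole file."""
    keep = len(marker) - 1
    carry = b""
    for pkt in packets:
        window = carry + pkt
        if marker in window:
            return True
        carry = window[-keep:] if keep else b""
    return False


def demo() -> dict:
    """Constructed file whose marker straddles a 32-byte packet boundary."""
    payload = b"A" * 13 + MARKER + b"B" * 40   # marker occupies bytes 13..34
    packets = split_into_packets(payload, mtu=32)
    return {
        "per_packet": per_packet_scan(packets, MARKER),      # False
        "reassembled": reassembled_scan(packets, MARKER),    # True
        "streaming": streaming_scan(packets, MARKER),        # True
    }
```

The same marker is caught by the per-packet check only when it happens to land entirely inside one packet, which is exactly the gap the reassembling gateway closes.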

Incorporate User-level Defenses
Endpoint security takes defense in depth to the user level, complementing defenses at the gateway. This is software that users install on devices to detect viruses should they sneak past the defense at the network perimeter. The settings at the gateway will help complement these endpoint defenses by coordinating with device and user registries to ensure that individuals accessing sensitive network data actually have the proper permissions.

In addition, identity and access management software helps change users' bad habits by safely collecting sensitive log-in credentials to provide Single Sign-On (SSO) across applications. This is a more secure and convenient alternative to forcing users to create and record unique passwords for every program and access point – or worse, recycle their credentials across platforms.

The number of defenses that networks can employ is virtually endless, so organizations need to be wary of adopting more solutions than their teams can handle. When security teams are juggling management portals, it’s more likely that one area of the defense strategy will get overlooked. Teams should seek out solutions that give them holistic insight into network traffic so they’re in the best position to monitor the front lines of cybersecurity.

Chris Park brings more than 13 years of experience in corporate network security to his position as CIO at iboss, where he is responsible for creating and driving the company's IT strategy. As resident expert in all aspects of iboss solutions and infrastructure, Chris is ...