Technologies & SolutionsCyber ProductsCyber Case Studies

Defense in Depth: A Layered Approach to Network Security

In light of all the headline-grabbing network security breaches in the last year it's understandable that enterprises might be on high alert to prevent their own organization from being thrust into the spotlight.

Defense in depth
September 1, 2014

In light of all the headline-grabbing network security breaches in the last year – Heartbleed, Target, eBay, Adobe – it's understandable that enterprises might be on high alert to prevent their own organization from being thrust into the spotlight. Unfortunately, the silver bullet they may be looking for does not exist – today's cyber criminals are just too persistent.

Still, there is an answer.

A multi-layered defense in depth strategy helps organizations address many of the most common causes of breaches. Mobile endpoints are susceptible to malware and malicious attacks, particularly when devices are used outside the safe confines of the immediate corporate network. And even as the Bring Your Own Device (BYOD) and the Internet of Things (IoT) trends increase the number of mobile endpoints in corporate settings, defense in depth – network and security components providing redundancy and constant communication – lessens the chance these devices will become exploitable vulnerabilities.

 

The Basics of Defense in Depth

The first step of a defense in depth strategy to protect against network breaches should be to establish proper access control systems. Before granting access rights, an enterprise’s system should check whether users have the correct device identities (software, hardware and network attributes) and user identities (each individual attribute of a user). They should also have to meet certain role requirements. For example, a network could grant access only to employees using approved devices who are in managerial positions at the company and using secure network connections.

Network and security components must be able to communicate so that if an attacker penetrates one system, others can respond immediately to take preventative measures. IF-MAP (www.if-map.org) is a robust protocol that enables information sharing between disparate systems.

If an unauthorized user is able to break through these first layers of defense, perhaps by stealing user credentials, an enterprise can deprovision devices via a centrally managed VPN or revoke remote access rights. Both of these actions could be triggered as soon as a breach is detected.

As this example shows, defense in depth does not create an impenetrable cyber shield. Rather, it minimizes risk and keeps organizations one step ahead of cybercriminals.

 

 By Joerg Hirschmann, Chief Technology Officer for NCP Secure Communications 

KEYWORDS: cybersecurity strategies defense in depth layered security network security

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Related Articles

Related Products

See More ProductsSee More Products

Events

View AllSubmit An EventView AllSubmit An Event

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!