Defense In Depth Means Attackers Need to Get Lucky More than Once


Firewalls are a first line of defense, but they’re only a first line. The threats to networks today are smart, persistent, and ever-changing, and it’s inevitable that an attack will eventually get past the firewall. There’s a saying that a hacker only has to be lucky once; information security needs to be lucky all the time.

Defense in depth recognizes that no defense is ever 100 percent successful or 100 percent lucky. Because different defensive techniques have different weaknesses, a later layer can block an attack that gets through an earlier control. Although even defense in depth doesn’t guarantee that no attacks succeed, it makes a successful attack much less likely and minimizes the potential harm.

Aspects of Defense in Depth

Defense in depth tackles security from several different angles. You can use:

Administrative controls.

These controls attempt to define who can access IT systems. Policies and procedures limit the systems and data users can access and what they can do with them. Background checks on potential employees are another form of administrative control.

Physical controls.

Physical controls prevent malicious users from physically accessing systems. This includes steps such as securing access to data centers and placing security tags on devices to trigger alerts if someone attempts to remove them from the premises.

Technical controls.

These are the hardware and software tools you use to protect your network and applications. In addition to firewalls, you may use intrusion detection systems, data loss prevention systems, antivirus software, and network microsegmentation to increase security. Other technical controls include security measures such as encryption, multi-factor authentication, and biometric identification.

Effectively Using Defense in Depth

While each tool performs its own function, effectively using defense in depth requires more than simply deploying multiple tools. Defense in depth should be part of a security strategy built around understanding your systems and data, knowing where you’re most vulnerable, and knowing where your high-value targets reside.

Once you have that insight, you can deploy a carefully selected set of tools that provide a strong level of protection. However, in order to ensure that no threats manage to slip through even multiple defensive layers, you can’t simply rely on your tools. You need to review the data collected in their logs to identify any patterns that reflect an attack, successful or otherwise.

This can be done either through manual review by your security administrators or by using analytics tools that crunch through the data. If you find any problems, you’ll need to determine whether they reflect an attack that was blocked or one that succeeded. If the attempt was blocked, that’s good news, though you still may want to consider enhancing your defensive layers. If the attempt succeeded, you’ll need to respond to the data breach to identify the scope of the exposure and take the appropriate corrective actions.
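
The log review described above, as an added Python example that is not part of the original post: it correlates events from three layers by source address and separates attempts that were blocked from ones that may have succeeded. The event schema, the layer names, the verdict labels, and the sample lines are all constructed for illustration.

```python
import json
from collections import defaultdict

# Layers in the order traffic meets them (assumed for this example).
LAYERS = ["firewall", "ids", "auth"]

# Constructed sample events in a hypothetical normalized schema.
SAMPLE_LOGS = """\
{"ts": "2024-05-01T10:00:01Z", "layer": "firewall", "src": "203.0.113.7", "outcome": "blocked"}
{"ts": "2024-05-01T10:00:05Z", "layer": "firewall", "src": "198.51.100.9", "outcome": "allowed"}
{"ts": "2024-05-01T10:00:06Z", "layer": "ids", "src": "198.51.100.9", "outcome": "blocked"}
{"ts": "2024-05-01T10:01:00Z", "layer": "firewall", "src": "192.0.2.44", "outcome": "allowed"}
{"ts": "2024-05-01T10:01:01Z", "layer": "ids", "src": "192.0.2.44", "outcome": "allowed"}
{"ts": "2024-05-01T10:01:02Z", "layer": "auth", "src": "192.0.2.44", "outcome": "blocked"}
{"ts": "2024-05-01T10:01:09Z", "layer": "auth", "src": "192.0.2.44", "outcome": "blocked"}
{"ts": "2024-05-01T10:01:15Z", "layer": "auth", "src": "192.0.2.44", "outcome": "allowed"}
{"ts": "2024-05-01T10:02:00Z", "layer": "firewall", "src": "10.0.0.5", "outcome": "allowed"}
{"ts": "2024-05-01T10:02:01Z", "layer": "ids", "src": "10.0.0.5", "outcome": "allowed"}
{"ts": "2024-05-01T10:02:02Z", "layer": "auth", "src": "10.0.0.5", "outcome": "allowed"}
not json
"""

def triage(log_text):
    """Return {src: {"verdict", "deepest_layer", "blocked_at"}} across all layers."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            src, ts = ev["src"], ev["ts"]
            if (ev["layer"] in LAYERS and isinstance(ts, str)
                    and ev["outcome"] in ("blocked", "allowed")):
                events[src].append(ev)
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed lines instead of aborting the review
    report = {}
    for src, evs in events.items():
        blocks = [e for e in evs if e["outcome"] == "blocked"]
        deepest = max(evs, key=lambda e: LAYERS.index(e["layer"]))["layer"]
        # Heuristic: a source some layer blocked that is later allowed at the
        # last layer may have succeeded. Same-format UTC timestamps sort as text.
        got_in = any(e["layer"] == LAYERS[-1] and e["outcome"] == "allowed"
                     and any(b["ts"] < e["ts"] for b in blocks) for e in evs)
        verdict = "possible_success" if got_in else "blocked" if blocks else "clean"
        report[src] = {"verdict": verdict, "deepest_layer": deepest,
                       "blocked_at": sorted({b["layer"] for b in blocks}, key=LAYERS.index)}
    return report

if __name__ == "__main__":
    for src, row in triage(SAMPLE_LOGS).items():
        print(src, row)
```

A `possible_success` verdict is a prompt for investigation, not proof of a breach: a legitimate user who mistypes a password twice produces the same pattern. The `deepest_layer` field shows which earlier layers a blocked attempt passed, which is where enhancing a layer would help.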

Have you built your information security strategy with enough layers? Prescient Solutions security services can help you implement security with the right number of tools to protect your valuable data. Contact us to make Prescient Solutions part of your defense in depth strategy.
