Why Do You Need a Defense in Depth Cybersecurity Plan?

May 28, 2019 Eric Dosal

I want to tell you about the concept of “defense in depth cybersecurity,” wherein an organization sets up multiple layers of defenses to isolate individual assets on their network. It’s an important concept in modern cybersecurity architectures, and one that every business should adopt as best as they can.

Why do you need a defense in depth cybersecurity plan? More importantly, how can you create defense in depth for your organization?

Here’s a quick explanation of why setting up a defense in depth cybersecurity strategy is so important—plus a few quick tips for creating such a strategy:

Why You Need Defense in Depth Cybersecurity: Insider Threats

Modern cyber threats can originate from virtually (pun intended) anywhere—even from inside your own network. Hackers use all kinds of tricks to bypass your company’s tough perimeter defenses while careless or actively malicious insiders can create or exacerbate cybersecurity issues.

Defense in depth cybersecurity strategies are crucial for countering insider threats—those threats which originate from within the network itself. Without some kind of strong network segmentation to prevent attacks on the inside from hopping from one asset to the next, any insider threat would be able to easily compromise the entire network. From a network security standpoint, this is less than optimal.

Using a defense in depth cybersecurity plan restricts attackers by blocking them from moving onto other systems.

Why You Need Defense in Depth Cybersecurity: To Keep Your Most Sensitive Resources Secure

Does the cashier working a register need access to sensitive documents detailing the company’s intellectual property (IP)? Odds are the answer is no. Yet, when there is no segmentation to the network, it may be all too easy for someone with such a minor level of access to reach the highly sensitive systems that hold that data.

Creating defense in depth by segmenting the network helps to ensure that your organization’s most sensitive data is kept isolated (and thus more secure). It also helps you enforce a policy of least privilege by keeping sensitive systems separate from the systems that users without that access work on.

Why You Need Defense in Depth Cybersecurity: To Minimize the Impact of Data Breaches

Data breaches are almost inevitable. Sooner or later, there will be an attacker determined, resourceful, or lucky enough to slip past the perimeter defenses somehow to start ripping data from your systems. What using a defense in depth cybersecurity plan does is make it harder for the attacker to get at everything.

Instead of having carte blanche to access everything all at once as soon as they get past the perimeter, the attacker will have to peel back each layer of network security that you have. This massively increases their “breakout time” (the time it takes them to move from one server/asset on a network to the next), which gives your network security team more time to detect and counter the attack.

When attackers can access fewer systems, they’ll be less likely to compromise as much data—thus reducing the severity and impact of any resultant data breaches. Yes, data will still be compromised, but attackers getting only non-personally-identifiable account information is better than them walking off with sensitive info like payment data or Social Security Numbers.

Enacting a Defense in Depth Cybersecurity Plan for Your Organization

Creating and enacting a defense in depth cybersecurity plan for an entire organization is an involved process that will take significant resources and time. However, the improvements to your network security will be well worth the effort. This setup process could easily be its own article, but the basic outline is:

  1. Audit Your Network. To create effective segmentation, you need to know where everything is on your network. Every asset, every gateway, every sensitive file, and every app.

  2. Organize/Consolidate Your Most Sensitive Data. Not every workstation in the company needs to have a copy of clients’ or customers’ PII on it. Instead, sensitive data should be consolidated onto a single server/database (and one remote backup), with extraneous local copies being deleted. This way, if a workstation is compromised, there won’t be an immediate and severe data breach.

  3. Use Several Kinds of Firewalls. The perimeter isn’t the only place to put a firewall. Organizations should use app-level firewalls and endpoint firewalls to inspect traffic between nodes in the network as well. This minimizes the chances of an insider threat being able to pass from one network asset to another undetected.

  4. Continuously Monitor Firewall Configurations. Setting up a firewall isn’t the end-all be-all for network security. Firewalls have to be periodically checked and reconfigured to make sure they aren’t obstructing legitimate traffic or causing network performance to dip (while maintaining their security benefits). Here, having a managed security service provider (MSSP) to manage your firewall can be enormously helpful because it ensures strong firewall configuration while freeing up your internal IT resources to focus on other goals.
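The outline above, as an added example that is not part of the original article: a Python check that takes an asset inventory and a set of internal firewall rules and counts how many zone boundaries separate each asset from the sensitive zone. The asset names, zones, ports and the three rule sets are constructed for illustration.

```python
from collections import deque

# Constructed inventory from the audit step: asset -> network zone (hypothetical names).
ASSETS = {
    "pos-register-01": "store",
    "hr-workstation-07": "office",
    "file-server": "office",
    "app-server": "app-tier",
    "ip-vault-db": "restricted",
}
SENSITIVE_ZONES = {"restricted"}
APPROVED_DIRECT = {"app-tier"}  # zones approved to reach a sensitive zone directly

# Constructed internal firewall policies: allowed (src_zone, dst_zone, port); unlisted flows are denied.
ZONES = sorted(set(ASSETS.values()))
FLAT = [(a, b, "any") for a in ZONES for b in ZONES if a != b]
SEGMENTED = [
    ("store", "app-tier", 443),
    ("office", "app-tier", 443),
    ("app-tier", "restricted", 5432),
]
DRIFTED = SEGMENTED + [("store", "restricted", 445)]  # after an unreviewed rule change

def hops_from(zone, rules):
    """Breadth-first search over allowed flows: zone -> fewest boundaries crossed."""
    hops, queue = {zone: 0}, deque([zone])
    while queue:
        current = queue.popleft()
        for src, dst, _port in rules:
            if src == current and dst not in hops:
                hops[dst] = hops[current] + 1
                queue.append(dst)
    return hops

def audit(rules):
    """(asset, sensitive_zone, hops) per asset outside sensitive/approved zones; None = no path."""
    report = []
    for asset, zone in sorted(ASSETS.items()):
        if zone in SENSITIVE_ZONES or zone in APPROVED_DIRECT:
            continue
        hops = hops_from(zone, rules)
        for target in sorted(SENSITIVE_ZONES):
            report.append((asset, target, hops.get(target)))
    return report

def violations(rules):
    """Assets that reach a sensitive zone across a single boundary."""
    return [asset for asset, _zone, hops in audit(rules) if hops == 1]
```

Running `violations()` against each exported rule set on a schedule turns the monitoring step into a regression check: the `DRIFTED` policy flags `pos-register-01`, while `SEGMENTED` flags nothing.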

Network security measures go beyond just having firewalls. Additional measures, such as encrypting stored data, requiring employee user accounts to have multi-factor authentication, and using security information and event management (SIEM) solutions to track cybersecurity incident data can all help to increase network security for your organization.

Need help setting up and managing a defense in depth cybersecurity plan for your business? Reach out to the Compuquip Cybersecurity team today to get help!
