As remote work becomes more permanent, many businesses are facing increased security vulnerabilities through common attack vectors like Remote Desktop Protocol (RDP). The cyber threat landscape also continues to evolve, and as attacks become more sophisticated, a good strategy for defending your network involves a layered approach to security. The Defense-in-Depth (DiD) approach, or “Castle Approach,” to cybersecurity mimics a medieval castle: multiple layers of defense mechanisms for protection against external threats. Read on to explore the Defense-in-Depth method and learn how to build a strong security strategy to combat modern-day threats.
How it Works
The idea behind the DiD approach is that combining multiple, redundant defensive measures is more effective against attacks than any single measure alone. With the DiD approach, even if one security control fails, there are still more layers of protection that an attacker will have to get through in order to access your data. This approach outlines how to protect each layer of your environment, which we will break down below.
Breakdown of the DiD Approach
Awareness
The first layer of this security approach is to understand your security risks and how to avoid those threats. This is where you will set up policies and procedures and implement security awareness training for your employees.
Physical
What are you doing on premises to protect your assets? Protect vulnerable equipment and sensitive information by restricting access to authorized people only. This includes storing data and equipment in a secure facility, implementing camera surveillance, biometric access, etc.
Perimeter
The perimeter is a critical point of protection as it is the connection point between your internal assets and external network traffic (the Internet). Perimeter security includes implementing a Next Gen Firewall, logging, traffic control and security through obscurity to protect against automated scripted attacks.
Internal Network
This layer breaks down who has access to what internally. Security measures for this layer are meant to control internal network traffic to prevent internal abuse and threat progression. You’ll want to ensure you’re separating your guest network from your corporate network, and again, firewall, logging and traffic control come into play in this layer.
Host
Your environment is only as secure as the systems and devices that operate and run applications within it. To protect your network environment, be sure to implement OS patching and anti-virus, and don’t neglect old systems. Ensure all your systems are updated, that no software is out of date and that you have no operating systems that have lost support.
Application
Applications create opportunities for both procedural and technical abuses. If your organization develops apps, be sure to have quality assurance code controls and security tests in place to protect your website or application. AAA (authentication, authorization and accounting), identity and validation are steps you can take to make sure access to the application is controlled.
Data
This layer is the center of information systems and the main target of malicious actors. It’s critical to protect data while in use, in transit and at rest, which you can do by implementing encryption, backup and disaster recovery. Don’t wait until an event happens to figure out how to restore a backup. Be sure to test restores so that you’re prepared if the worst happens.
Remember that effective cybersecurity is a marathon, not a sprint, so if you’re starting from scratch you may not be able to implement everything all at once. Focus on building up your security strategy one piece at a time, and always look for ways to improve. For more information on building a security strategy, check out our whitepaper: Beyond the Security Basics.