DEFENCE IN DEPTH
What is the history of Defence in Depth and where did it come from?
As a military strategy, Defence in Depth refers to obstacles that are put in place to slow intruders’ progress while giving soldiers time to watch their movements and formulate a reaction. Instead of retaliating instantly, the purpose of this strategy was to halt or postpone the attacker’s advance.
Before the work-from-home transition and the reliance on the Internet as the core point of everything, businesses depended only on physical data centres that were safeguarded by numerous concrete layers. The office building was only accessible to badged personnel, and access to files required an Active Directory account and a corporate laptop with appropriate permissions. The worst-case situation occurred when someone from the marketing department acquired access to an engineering folder by mistake. This has been drastically altered in a short period.
What does Defence-in-Depth entail?
A cybersecurity technique that employs many levels of security for comprehensive protection is known as a defence-in-depth strategy, also known as a security-in-depth strategy. Security companies may use layered defences to decrease vulnerabilities, control attacks, and manage risk. In basic terms, using a defence-in-depth strategy, if a bad actor breaches one layer of security, the following layer of defence may be able to confine them.
The defence-in-depth concept was developed by the National Security Agency (NSA) of the United States, and it is named after a conventional military tactic. (A defence-in-depth cybersecurity strategy is sometimes known as a castle approach because it resembles the tiered fortifications of a medieval castle with moats, drawbridges, and turrets, among other things.)
How does depth in defence work?
All tiers of IT systems can benefit from a tiered approach to security. Defence in Depth may drastically improve your security profile, whether it’s a single laptop accessing the internet from a coffee shop or a fifty-thousand-user company WAN.
A single layer of protection can never adequately safeguard an enterprise. Where one door may be shut, others will be left wide open, and hackers will rapidly exploit these flaws. When you combine a variety of measures, including firewalls, malware scanners, intrusion detection systems, data encryption, and integrity auditing solutions, you can successfully plug the holes that depending on a single security solution creates.
Elements of defence in depth
Security businesses are always creating new security products to defend networks and systems in the face of an ever-growing landscape of security threats. Some of the most frequent security features seen in a Defence in Depth approach are as follows:
Controls for Network Security
Examining network traffic is the first line of defence when it comes to network security. Firewalls block traffic from and to unauthorised networks and allow or prohibit traffic based on security requirements. Intrusion prevention systems frequently operate in combination with firewalls to detect and respond to possible security threats.
Antivirus Protection Software
Antivirus software is essential for safeguarding against viruses and malware. Many versions, however, rely significantly on signature-based detection. While these solutions provide significant protection against malicious software, skilled cybercriminals can abuse signature-based products. As a result, it is prudent to employ an antivirus solution with heuristic capabilities that monitor for suspicious patterns and behaviour.
Data Integrity Analysis
A checksum is a number that is assigned to each file on a system. This is a mathematical representation of a file that reveals how frequently it is used, where it came from and may be used to compare it to a known list of viruses and other harmful code. If an incoming file is not found elsewhere on the system, it may be flagged as suspicious. Data integrity solutions may also validate the originating IP address to guarantee it is coming from a known and trusted source.
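An added example (not from the original article) of checksum-based integrity auditing: it records a SHA-256 checksum per file as a trusted baseline, then reports files that were added, removed or modified, and any file whose checksum is on a known-harmful list. The directory contents, file names and the known-bad entry are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample: SHA-256 of a file an analyst has already judged harmful.
KNOWN_BAD = {hashlib.sha256(b"constructed harmful sample").hexdigest()}

def checksum(path: Path) -> str:
    """SHA-256 of the file contents, read in chunks so large files fit."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root) to its checksum."""
    return {str(p.relative_to(root)): checksum(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit(baseline: dict, current: dict, known_bad: set) -> dict:
    """Compare a current snapshot with the trusted baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(n for n in baseline.keys() & current.keys()
                           if baseline[n] != current[n]),
        "known_bad": sorted(n for n, d in current.items() if d in known_bad),
    }

def demo() -> dict:
    """Build a constructed directory, baseline it, tamper with it, audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.conf").write_bytes(b"mode=prod\n")
        (root / "readme.txt").write_bytes(b"hello\n")
        (root / "old.log").write_bytes(b"rotate me\n")
        baseline = snapshot(root)
        (root / "app.conf").write_bytes(b"mode=debug\n")   # changed in place
        (root / "old.log").unlink()                         # deleted
        (root / "update.bin").write_bytes(b"constructed harmful sample")
        return audit(baseline, snapshot(root), KNOWN_BAD)

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

The baseline is only as trustworthy as where it is stored: keep it somewhere the monitored host cannot write to.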
Analysis of Behaviour
When a breach is in progress or has happened, file and network activities can frequently give information. If behavioural analysis is activated, it indicates that the firewall or intrusion prevention system has failed. Behavioural analysis takes up the slack and may either issue alarms or implement automatic controls to stop a breach from spreading. Organizations must establish a baseline for “normal” conduct for this to operate.
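An added example (not from the original article) of the baseline step: it learns each account's normal hourly file-read count from history and raises an alert when a new observation is far above it, or when the account has no baseline at all. The account names and counts are constructed, and the robust z-score (median and MAD, 0.6745 scaling, 3.5 threshold) is one common choice assumed here, not a method the article prescribes.

```python
from statistics import median

# Constructed history: files read per hour by each account in a normal week.
HISTORY = {
    "alice": [12, 15, 11, 14, 13, 16, 12, 15],
    "build-svc": [200, 210, 190, 205, 198, 202, 207, 195],
}

def build_baseline(history: dict) -> dict:
    """Per-account median and MAD (median absolute deviation) of past activity."""
    baseline = {}
    for account, counts in history.items():
        med = median(counts)
        mad = median(abs(c - med) for c in counts)
        baseline[account] = (med, max(mad, 1.0))  # floor avoids division by zero
    return baseline

def score(baseline: dict, account: str, count: int):
    """Robust z-score of one observation, or None if the account has no baseline."""
    if account not in baseline:
        return None
    med, mad = baseline[account]
    return 0.6745 * (count - med) / mad

def triage(baseline: dict, observations: list, threshold: float = 3.5) -> list:
    """Return (account, count, reason) for observations that need attention."""
    alerts = []
    for account, count in observations:
        z = score(baseline, account, count)
        if z is None:
            alerts.append((account, count, "no baseline"))
        elif z > threshold:
            alerts.append((account, count, "above baseline"))
    return alerts

# Constructed observations for the current hour.
OBSERVED = [("alice", 14), ("alice", 480), ("build-svc", 215), ("temp-contractor", 3)]

if __name__ == "__main__":
    for alert in triage(build_baseline(HISTORY), OBSERVED):
        print(alert)
```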