Information security experts are arguing that endpoint solutions are becoming increasingly less effective, and that they should only be used as the absolute last line of defense. We shouldn’t wait for the virus on our computer before we scan for it, or only download device management systems after a breach has already happened.
As cyber-attacks continue to advance rapidly and cyber-criminals always seem to be one step ahead, this single-line-of-defense approach is putting software at greater risk of breaches.
A new approach is needed – and a defense in depth strategy is just the ticket. Defense in depth is a military-based approach that works by slowing the enemy down and buying time to respond to the attack. Whilst the attacker struggles to advance, they can be surrounded and counter-attacked, to decrease their chances of succeeding. From a cybersecurity perspective, this means the software is better protected.
Readying the troops: The Role of Defense in Depth
The defense in depth technique can be used in many ways within the world of information security. The best defense policy is one that is pre-emptively implemented before any attack – not one that is set up after a breach has happened.
This can be done using first-line defense strategies such as firewalls, combined with additional measures. For example, encryption keeps data unreadable to any unauthorized party that manages to obtain it, and intrusion detection identifies malicious activity that has already passed the perimeter. Additional measures like these form further layers of protection and limit the damage that an attacker can cause.
The common denominator in all of these solutions is that they are network-based. Networking is a vital part of cyber security, and particularly of defense in depth. The same tools that build an effective network infrastructure are also what maintain solid cybersecurity: secure network design isolates the most important parts of the network and limits access to different network resources.
The barricade: Interoperability of Network Security
Strengthening your network defenses requires integration of networking and security products. For example, an integrated security information and event management (SIEM) solution is able to ingest information from traffic monitoring tools in order to detect impending attacks and alert IT staff about the potential threat.
The reality is that there are many barriers to building networks with integrated security software. Adding to this, you have to decide which vendor – and how many – will be providing your integrated products.
In order to maintain communication between security and networking products, it seems sensible to only buy products from a single vendor. However, only a few large vendors offer a full suite of both networking and security products, and those suites tend to be expensive. Additionally, opting for a single-vendor solution may limit your options for growth. Your network can only evolve if the vendor has a product that will enable what you want to do in the future.
Buying products from multiple vendors is another viable option, but only if these products can integrate with each other. Although this is possible, it requires lots of research and can quickly become problematic if vendor partnerships change, or if a vendor suddenly stops supporting a particular integration with another vendor’s product. This is often the case if the vendors involved use proprietary software code.
Winning the battle: The Open Advantage
Open networking could be the solution. If vendors commit to open standards, systems can be created where a variety of networking and security products will work in concert. Designing products with maximum compatibility takes away the need to commit to a single vendor, and will also ensure that any existing network infrastructure will work in sync with future data center investments.
An open networking approach also means there is no need to wait around for a vendor to integrate two products. With open source, and access to the relevant APIs, it’s possible to create your own scripts to connect and automate network defenses.
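As an added illustration of both the SIEM-style correlation described earlier and the glue scripting this paragraph refers to, the script below (not from the original article or any vendor) ingests constructed events from two hypothetical products with different formats, normalizes them into one schema, and flags a source that the firewall has repeatedly denied and the IDS has also alerted on. The event formats, field names and the block request it emits are assumptions, not a real product's API.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Format A: a syslog-style firewall line.
FIREWALL_LINES = [
    "2024-05-01T10:00:05Z action=DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:06Z action=DENY src=203.0.113.7 dst=10.0.0.5 dport=23",
    "2024-05-01T10:00:07Z action=DENY src=203.0.113.7 dst=10.0.0.5 dport=445",
    "2024-05-01T10:00:09Z action=ALLOW src=198.51.100.4 dst=10.0.0.8 dport=443",
]
# Format B: a JSON alert from a hypothetical intrusion detection system.
IDS_ALERTS = [
    '{"ts": "2024-05-01T10:00:08Z", "src_ip": "203.0.113.7", "sig": "port scan"}',
    '{"ts": "2024-05-01T10:30:00Z", "src_ip": "198.51.100.4", "sig": "policy hit"}',
]

def _ts(value):
    # Normalize the RFC 3339 timestamps both products use into aware datetimes.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def parse_firewall(line):
    ts, *pairs = line.split()
    f = dict(p.split("=", 1) for p in pairs)
    return {"ts": _ts(ts), "src": f["src"], "source": "firewall", "detail": f["action"]}

def parse_ids(line):
    rec = json.loads(line)
    return {"ts": _ts(rec["ts"]), "src": rec["src_ip"], "source": "ids", "detail": rec["sig"]}

def correlate(events, window=timedelta(minutes=5), min_denies=3):
    # One event stream, keyed by source address, so each layer can corroborate the other.
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        denies = [e for e in evs if e["source"] == "firewall" and e["detail"] == "DENY"]
        for alert in (e for e in evs if e["source"] == "ids"):
            nearby = [d for d in denies if abs(d["ts"] - alert["ts"]) <= window]
            if len(nearby) >= min_denies:
                findings.append({"src": src, "denies": len(nearby), "signature": alert["detail"]})
    return findings

def block_request(finding):
    # Body for a hypothetical firewall block API; a real deployment would POST it via its SDK.
    return json.dumps({"op": "block", "src": finding["src"], "reason": finding["signature"]})

def run():
    events = [parse_firewall(l) for l in FIREWALL_LINES] + [parse_ids(l) for l in IDS_ALERTS]
    return correlate(events)
```

Only the address seen by both layers is escalated; the host with a single IDS alert and no firewall denies stays an alert for staff to review rather than an automatic block.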
Ultimately, there is no one solution in the rapidly evolving field of information security; good security practice requires interoperability and integration of solutions from multiple vendors. By creating systems where multiple products can work in concert, many layers of technologies and defense techniques can be woven together into the tapestry of everyday operations.