The idea of defense-in-depth has been around for nearly two decades. While it provided effective protection in the past, the recent spate of high-profile breaches and nation-state attacks proves defense-in-depth alone is no match for today’s threat environment.
Defense-in-depth, the layering on of security controls to ensure that attacks breaching one layer will be caught by the next, made sense in the old world, where perimeters were real and internal networks were fully trusted.
Borderless Networks and Evolving Threats Create Perfect Storm of Risks
Today, there are no clearly defined network perimeters as employees, business partners, contractors and Internet-of-Things (IoT) devices traverse the network and access sensitive corporate data from just about anywhere — be it the cloud, a cellular network or a coffee shop Wi-Fi router. With no hard outer shell of protection, attacks are just as likely to pivot off a trusted internal user (through phishing emails, drive-by malware downloads, etc.) as to arrive by external means alone.
The nature of threats has also evolved to make defense-in-depth less effective. In the past, only the most well-funded and sophisticated attackers could afford to take the time to study a target’s full line of defenses and craft attacks designed specifically to thwart each layer. Today, advanced cyber attack toolkits are readily available for sale on the dark web.
It’s a perfect storm: The corporate attack surface is growing at the same time attacks are becoming more sophisticated and easier to pull off. So what’s the answer?
Zero-Trust and Automation
Defense-in-depth still has its place, but to keep it relevant against emerging threats, organizations need to adopt zero-trust models and automation. Instead of traditional port- and protocol-based security, zero-trust models use applications, data and user behaviors to set policies on how real-world data moves in and across networks, and apply those policies to each tool at every layer of defense. Automation is then used to leverage up-to-the-minute threat data, inspect traffic, apply zero-trust policies and block the lion’s share of attacks in real time.
Consider the example of an attacker tricking someone into clicking on a link in a phishing email to install malware on their PC. With zero-trust and automation in place, attempts by the attacker to pivot from the targeted PC to data elsewhere on the network would be blocked automatically and immediately. The policy violation could then be automatically communicated to a SIEM where it can be studied and translated into signatures that can detect similar attacks — which are then rolled out to all security devices in real time.
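The workflow just described, as an added illustration rather than code from this post, from Fortinet or from CCSI: a toy zero-trust enforcement point that decides on identity, application and endpoint posture instead of port, denies by default, forwards each violation as a SIEM event, and consumes indicators the SIEM derives from those events so that every enforcement point blocks the compromised device. Rule names, users, devices, applications and the posture values are all constructed for the example.

```python
"""Toy zero-trust policy engine with automated IoC propagation.

Added illustration for this post; not Fortinet Security Fabric or CCSI code.
Every rule, user, device and application name below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Request:
    """One access attempt, described by identity and application, not by port."""
    user: str
    device: str
    app: str        # application the traffic was classified as (e.g. by an app-aware proxy)
    resource: str   # data set being reached
    posture: str    # endpoint posture reported by the agent: healthy / compromised / unknown


@dataclass(frozen=True)
class Rule:
    """An allow rule; a request no rule matches is denied (default deny)."""
    name: str
    users: frozenset
    apps: frozenset
    resources: frozenset
    required_posture: str = "healthy"

    def matches(self, req: Request) -> bool:
        return (req.user in self.users and req.app in self.apps
                and req.resource in self.resources and req.posture == self.required_posture)


# Constructed policy: who may use which application to reach which data.
POLICY: List[Rule] = [
    Rule("finance-erp", frozenset({"alice"}), frozenset({"erp-web"}), frozenset({"ledger"})),
    Rule("hr-portal", frozenset({"bob"}), frozenset({"hr-web"}), frozenset({"hr-db"})),
]


class Enforcer:
    """One enforcement point: evaluates requests, records violations, consumes IoCs."""

    def __init__(self, policy: List[Rule]):
        self.policy = policy
        self.blocked_devices: Set[str] = set()   # indicators pushed down from the SIEM
        self.events: List[Dict] = []             # what this point forwards to the SIEM

    def evaluate(self, req: Request) -> Tuple[str, str]:
        if req.device in self.blocked_devices:    # fabric-wide indicator wins over any rule
            return "deny", "ioc-blocklist"
        for rule in self.policy:
            if rule.matches(req):
                return "allow", rule.name
        return "deny", "default-deny"

    def enforce(self, req: Request) -> str:
        decision, reason = self.evaluate(req)
        if decision == "deny":                    # every block becomes a SIEM event
            self.events.append({"type": "policy_violation", "reason": reason,
                                "user": req.user, "device": req.device, "app": req.app,
                                "resource": req.resource, "posture": req.posture})
        return decision

    def ingest_iocs(self, iocs: Set[str]) -> None:
        self.blocked_devices |= iocs


def derive_iocs(events: List[Dict]) -> Set[str]:
    """SIEM side: turn policy violations into an indicator the fabric can enforce.

    The indicator here is just the offending device id; a real SIEM would correlate
    much more (hashes, domains, process names) before publishing anything.
    """
    return {e["device"] for e in events if e["type"] == "policy_violation"}


def propagate(siem_events: List[Dict], fabric: List[Enforcer]) -> Set[str]:
    """Push derived indicators to every enforcement point in the fabric."""
    iocs = derive_iocs(siem_events)
    for point in fabric:
        point.ingest_iocs(iocs)
    return iocs


def phishing_scenario() -> Dict[str, str]:
    """Walk through the pivot attempt described in the post; return each decision."""
    edge = Enforcer(POLICY)        # e.g. the firewall segmenting the user network
    datacenter = Enforcer(POLICY)  # e.g. the firewall in front of the HR database
    results = {}
    # 1. Normal work: Alice's healthy laptop reaches the ledger through the ERP app.
    results["normal"] = edge.enforce(Request("alice", "laptop-17", "erp-web", "ledger", "healthy"))
    # 2. After the phishing payload runs, the agent reports the laptop compromised and
    #    malware on it tries to pivot to the HR database over a file-sharing application.
    results["pivot"] = datacenter.enforce(Request("alice", "laptop-17", "smb", "hr-db", "compromised"))
    # 3. The violation goes to the SIEM, which derives an indicator and pushes it fabric-wide.
    propagate(datacenter.events, [edge, datacenter])
    # 4. Even previously allowed ERP access is now blocked at the edge, and it stays blocked
    #    even if the (possibly tampered) agent again reports the laptop as healthy.
    results["after_ioc"] = edge.enforce(Request("alice", "laptop-17", "erp-web", "ledger", "healthy"))
    return results


if __name__ == "__main__":
    print(phishing_scenario())
```

The two things worth noticing are the default-deny fallthrough in `evaluate` (the pivot is blocked because no rule allows a file-sharing application to reach `hr-db`, not because a port was closed) and that the SIEM-derived blocklist is checked before any allow rule, which is what lets a detection at one enforcement point change the decision at every other one.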
Security Fabric Optimizes Zero Trust And Automation
While this may sound like science fiction, our partner Fortinet is already making it a reality. It has applied the idea of zero-trust models and automation to defense-in-depth in its Security Fabric architecture.
With tools like Fortinet’s Advanced Threat Protection (ATP) framework integrated with FortiSIEM, security teams are able to apply policy across every security component in the fabric and have each tool communicate with all others to form a layered-yet-collaborative defense. If the ATP framework detects an attack, it can create signatures on the fly and propagate any indicators of compromise (IoC) to all other tools in the fabric — to ensure attacks are mitigated quickly and effectively.
CCSI can deliver the advantages of a modern defense-in-depth cybersecurity architecture that leverages zero-trust and automation to keep today’s attacks at bay. Learn more.