Boost IT security with a layered approach featuring a combination of tools and solutions.
Elephant calves in the wild are protected by the herd, which will circle the calf in order to fend off lions, hyenas, crocodiles and other predators. The huge size and coordinated action of the adult elephants creates a defensive ring that successfully discourages attacks.
In a similar way, a layered security approach harnesses multiple components to protect networks from threats. A formidable security infrastructure combining hardware, software and policy to protect all levels of an organization greatly increases the likelihood that an attacker will simply give up rather than expend the time, effort and resources it would take to break through every layer.
“Cybercriminals use a variety of methods to attack networks, so you need multiple defense mechanisms covering every potential point of vulnerability,” said Don Gulling, CEO, Verteks. “There’s no single ‘silver bullet’ that covers everything. You need a combination of tools and solutions to address security at the system, network, application and device levels.
“This would include firewalls and intrusion detection systems at the perimeter, along with anti-malware software and patch management for endpoint protection. A solid backup and disaster recovery system form an important last line of defense.”
A recent Forrester Consulting survey of 342 network security executives highlights the value of layered security. Organizations that deploy 10 or more security technologies experienced fewer breaches, respondents reported.
Specific technologies that should be included in a layered security environment include:
- Data encryption. Organizations should use strong, industry-standard cryptography (ideally 256-bit AES, and at minimum AES-128, in an authenticated mode such as GCM) and make sure the cryptographic keys are properly generated, stored, rotated and revoked; weak key management undoes strong algorithms. Reviewing the encryption controls of all devices, including PCs, tablets, smartphones and servers, should be part of any organization’s product acquisition strategy.
- Multifactor authentication. Verification should be based on a combination of identifiers such as something the user knows (a password or PIN code), something the user has (a security token or mobile app) and something the user is (a biometric identifier). Two-factor authentication has been required in many industries for years, but there is growing support for systems requiring all three factors.
- Strong passwords. A significant majority of all confirmed data breaches involve weak, default or stolen passwords. Organizations should enforce requirements that make passwords hard to crack (favoring length over complexity rules and screening new passwords against lists of known-breached passwords) and require a change whenever compromise is suspected. Current NIST guidance (SP 800-63B) no longer recommends forced periodic rotation by itself, since it tends to produce predictable variations of the old password. Password managers that generate unique, strong passwords can dramatically improve the process.
- Identity and access management. Identity-based network access ensures that users can only access the resources, files and accounts they need to do their jobs (the principle of least privilege), and that access is removed when roles change or employment ends.
- Next-generation firewalls (NGFW). Along with traditional firewall capabilities such as packet filtering, network address translation and URL blocking, NGFWs integrate more robust features such as intrusion prevention, Secure Sockets Layer (SSL)/Transport Layer Security (TLS) and Secure Shell (SSH) inspection, deep-packet inspection and reputation-based malware detection.
- Mobile security. Organizations should implement processes and software to enforce security policies for mobile devices. These should address issues surrounding network access, application download and usage, service usage, and device-level security features such as remote lock and wipe capabilities.
- Wireless security. Wireless networks should use WPA2 or WPA3 with strong authentication (802.1X/Enterprise where possible) so that only authenticated devices such as routers, printers, point-of-sale terminals and credit card devices can join, and so that traffic between those devices and the access point is encrypted. It’s also a good idea to use network segmentation to isolate guest access.
- Offline storage. Backing up to storage that is physically isolated from the rest of the network provides a level of protection against data corruption and ransomware.
While layered security delivers proven benefits, management complexity can be an unintended consequence — particularly for smaller organizations with limited IT staff. In a study from the nonprofit IT security association (ISC)², roughly three-quarters of the nearly 14,000 security professionals surveyed said it is becoming increasingly difficult to manage the proliferation of security products.
“Technology sprawl can certainly become an issue as organizations pursue layered security,” said Gulling. “Organizations must be careful not to overspend on overlapping solutions. Solutions that combine multiple functions or services can help reduce complexity.”
Unified threat management (UTM) and security information and event management (SIEM) are among the solutions that provide single-console management of multiple security measures.
UTM solutions incorporate email security, identity-based access controls, advanced threat protection, content filtering, data loss prevention and antivirus software. Some also integrate endpoint security, application sandboxing capabilities and cloud-based management features. Additionally, newer platforms allow orchestration of a variety of analytic tools and networking extensions. This integration makes it easy for administrators to enforce detailed security policies throughout the organization.
SIEM software makes it easier for organizations to analyze the overwhelming number of security alerts generated by a wide range of devices and systems. SIEM systems aggregate and analyze log data and security alerts from multiple systems to identify anomalies that could indicate suspicious activity.
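The value of aggregating logs from several systems is easiest to see with a concrete correlation rule. The following is an added example, not code from the original page or from any SIEM product: it normalizes two constructed log feeds (an sshd auth log and a VPN gateway log, each in its own format) into common events, then applies one rule, a burst of failed logins from a single source IP followed by a successful login from that same IP. The log lines, hostnames and addresses are invented, and the five-failure threshold and five-minute window are assumed tuning values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs (not real data). The same attacker IP fails against
# sshd and the VPN gateway; neither log alone shows enough failures to alert.
SSHD_LOG = """\
2024-03-04T09:00:01 host1 sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
2024-03-04T09:00:03 host1 sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
2024-03-04T09:00:05 host1 sshd[411]: Failed password for root from 203.0.113.7 port 51124 ssh2
2024-03-04T09:00:09 host1 sshd[411]: Failed password for root from 203.0.113.7 port 51125 ssh2
2024-03-04T09:00:12 host1 sshd[411]: Accepted password for root from 203.0.113.7 port 51126 ssh2
2024-03-04T09:15:00 host1 sshd[412]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2024-03-04T09:15:20 host1 sshd[412]: Accepted password for alice from 198.51.100.4 port 40001 ssh2
"""

VPN_LOG = """\
2024-03-04 09:00:02 vpn-gw AUTH_FAIL user=bob src=203.0.113.7
2024-03-04 09:00:07 vpn-gw AUTH_FAIL user=carol src=203.0.113.7
2024-03-04 09:30:00 vpn-gw AUTH_OK user=dave src=192.0.2.10
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)
VPN_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) \S+ (?P<outcome>AUTH_FAIL|AUTH_OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_sshd(text):
    """Normalize sshd lines into {ts, src, user, ok, origin} events."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
                           "user": m["user"], "ok": m["outcome"] == "Accepted",
                           "origin": "sshd"})
    return events


def parse_vpn(text):
    """Normalize the (assumed) VPN gateway format into the same event shape."""
    events = []
    for line in text.splitlines():
        m = VPN_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(f"{m['date']}T{m['time']}"),
                           "src": m["src"], "user": m["user"],
                           "ok": m["outcome"] == "AUTH_OK", "origin": "vpn"})
    return events


def failures_by_source(events):
    """Simple aggregation across all feeds: failed logins per source IP."""
    counts = defaultdict(int)
    for ev in events:
        if not ev["ok"]:
            counts[ev["src"]] += 1
    return dict(counts)


def correlate(events, threshold=5, window=timedelta(minutes=5)):
    """Rule: at least `threshold` failures from one source IP within `window`,
    then a successful login from that IP on any system -> possible brute-force success."""
    recent_failures = defaultdict(deque)   # src -> failure timestamps still inside the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent_failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:
            q.popleft()                     # expire failures that fell out of the window
        if not ev["ok"]:
            q.append(ev["ts"])
            continue
        if len(q) >= threshold:
            alerts.append({"src": ev["src"], "user": ev["user"], "origin": ev["origin"],
                           "failures_before_success": len(q), "at": ev["ts"].isoformat()})
            q.clear()                       # one alert per burst
    return alerts


if __name__ == "__main__":
    all_events = parse_sshd(SSHD_LOG) + parse_vpn(VPN_LOG)
    print("failures per source:", failures_by_source(all_events))
    for alert in correlate(all_events):
        print("ALERT:", alert)
```

Run on the sshd log alone, the rule stays quiet: four failures are below the threshold. Only when the VPN gateway's failures from the same address are merged in does the successful root login stand out, which is exactly the cross-system visibility a SIEM is bought for.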
The Value of Assessments
Security assessments can also be an effective weapon against complexity. With regular evaluations, organizations often find that simple configuration changes to existing security solutions will eliminate the need to invest in additional tools. The assessment process can also identify any overlapping solutions and any areas that could be improved through tighter integration.
Another essential element of a layered security environment is the breach response plan. A good plan should include internal escalation guidelines, a communications checklist, a plan to isolate affected areas and steps for gathering evidence. There should also be plans for how to engage with law enforcement, legal counsel, outside partners and public relations in the event of a breach.
Cybercriminals are continually updating their tools and attack methods in a never-ending attempt to find gaps in network security measures. Countering those efforts requires constant vigilance, continuous enhancements and regular assessments. A layered security approach creates a strong barrier by harnessing multiple defenses to create powerful protection against a wide range of threats.