Why taking a layered approach delivers the best IT security protection


When it
comes to cybersecurity, it’s tempting to yearn for a silver bullet – one tool
that can provide complete protection against all threats. Unfortunately, that
isn’t realistic and is one of the main reasons chief information security
officers talk about levels of risk and risk acceptance, rather than in
absolutes.

Just like building a winning sports team, effective security requires careful selection of components with different strengths. It’s also essential for those components to work together as a cohesive whole. Having the right solutions in place can also have a force multiplier effect, enabling an increase in detection performance, intelligence gathering, and incident response that would otherwise be cumbersome to perform manually. The sum will be greater than the parts.

Endpoint protection tools and network detection techniques like deception have changed the game for security teams. But nobody does it alone, and even the staunchest proponents of such controls would never argue they are the only solution a customer requires.

Likewise,
focusing entirely on in-network protections would make it too easy to
infiltrate the network, potentially overwhelming those in-network tools.

Instead,
a balanced approach would be more successful, with an outer layer of security to
serve as the first line of defence by filtering out known threats. Next, there
should be a middle layer capable of identifying unusual or suspicious endpoint
processes. There should also be internal security that can detect lateral
movement and privilege escalation.  

Such
layered security can significantly improve an organisation’s detection
capabilities. While deception technology and endpoint protection are both
independently valuable, experience shows that having one layered over the other
dramatically improves detection rates.

Growing
threat sophistication

The need
for such a layered approach to IT security increases because attackers are
growing more sophisticated. This trend is concerning, but also expected.

Cybercriminals are constantly evolving and looking for new ways to break into
IT infrastructures.

For this
reason, being too reliant on any one security control or technique means your
organisation remains prone to attack. Instead, endpoint protection solutions must
create a complementary and highly effective detection net.

An
attacker might be able to evade one layer of defence (perhaps even two), but
with proven protection at every layer of the network, they’ll have a hard time
accomplishing their goals. Obfuscating the attack surface makes it especially
true, and deceptions can control the attacker’s path away from valuable systems
and data stores and towards a decoy.

Taking a
layered security approach also means carefully allocating available budgets to
ensure that organisations adequately resources each control. Paying too much
for one tool will leave one short when putting other elements in place. Take
time to evaluate the value of each solution carefully will deliver and portion
budgets accordingly.

It’s
important to remember that different tools offer specific capabilities but
putting the right combination of those tools together will deliver the best
possible security outcome. One must also recognise that this combination must likely
change over time. The threat landscape is continually evolving, so things that
might deliver adequate protection today may not be up to the task tomorrow.

In the
same way that a sports manager builds a team over time and understands that the
interplay between the individuals leads to a greater whole, a security manager
can achieve cohesive set of systems by following a layered approach and continuously
monitoring its performance.  It is
possible to build and maintain a robust security infrastructure that will
deliver the levels of protection your organisation requires, both now and in
the future.

Jim Cook, ANZ Regional Director, Attivo Networks 





Source link