The evolution of the concept of “Defense in Depth” in the age of the cloud and digitalization | Bfore.AI
For business leaders, digital transformation is not an option but an imperative that disrupts business models. Companies that negotiate this digital shift too late will suffer and may even disappear. Faced with the urgency of the transformations to be accomplished, the business lines often take direct charge of digital projects, but not without risk in terms of governance.
These transformations bring with them increasing risks in terms of cybersecurity and therefore increasing needs to protect the organization, employees and customers.
Traditional cybersecurity models, which have proven their worth until now, are now showing their limits in this new context: methodologies are not fast enough, hardly cover the entire perimeter of the company and sometimes are not specialized enough. These shortcomings can lead some organizations to miss business opportunities or, worse, to create vulnerable systems by circumventing the rules to move faster.
At a time of increasing hybridization of information systems, it is important to look at these new issues with a more integrated approach to cybersecurity through concepts such as the “Zero Trust” model or the “cybersecurity mesh”.
The traditional concept of “defense in depth” challenged by digital transformation
A defense-in-depth strategy refers to an approach to cybersecurity that uses multiple layers of security for holistic protection. A layered defense helps security organizations reduce vulnerabilities, contain threats and mitigate risks. Simply put, with a defense-in-depth approach, if a malicious actor breaches one layer of defense, it can be contained by the next layer of defense.
The concept of defense-in-depth was originally conceived by the U.S. National Security Agency (NSA) and takes its name from a common military strategy. A defense-in-depth cybersecurity strategy is similar to the layered defenses of a medieval castle with moats, drawbridges, towers, etc.
The defense-in-depth strategy covers people, technology and operations. It provides guidelines and best practices for securing physical infrastructure, organizational processes and IT systems.
The evolution of defense-in-depth strategies
Historically, most organizations have developed defense-in-depth strategies around traditional perimeter-based security models designed to protect on-premises IT infrastructure. A traditional defense-in-depth security implementation contains a wide range of security elements, including:
- Endpoint security solutions – antivirus software and endpoint detection and response (EDR) tools to protect PCs, Macs, servers and mobile devices from threats; and endpoint privilege management solutions to control access to privileged endpoint accounts.
- Patch management tools – to keep endpoint operating systems and applications up to date and remediate common vulnerabilities and exposures (CVEs).
- Network security solutions – firewalls, VPNs, VLANs, etc. to protect traditional enterprise networks and legacy IT systems.
- Intrusion detection/prevention tools (IDS/IPS) – identify malicious activity and thwart attacks on traditional on-premises IT infrastructure.
- User identity and access management solutions – single sign-on, multi-factor authentication and lifecycle management tools to authenticate and authorize users.
Defense-in-depth strategies challenged in the digital age
Traditional perimeter-based IT security models designed to control access to trusted enterprise networks are not well suited to the digital world. Today, enterprises develop and deploy applications in enterprise data centers, private clouds and public clouds (AWS, Azure, GCP, etc.), and they also use SaaS solutions (Microsoft 365, Google Workspace, Box, etc.). Enterprises need to evolve their defense-in-depth strategies to protect workloads in the cloud and to defend against the new attack vectors that come with digital transformation.
Whether applications are hosted on-premises or in the cloud, history shows that sophisticated attackers can penetrate networks and fly under the radar for weeks or longer. The 2020 SolarWinds supply chain attack, for example, went unnoticed for nine months, impacting more than 18,000 organizations.
It is the comprehensiveness of access control that is hard to address: a single policy that defines who may access what, and when, everywhere. Companies are not there yet, but such a policy will surely rely on the corporate directory.
In response, many companies are taking a “Zero Trust” approach and adapting their security policies, using a combination of preventive controls and detection mechanisms to identify attackers and prevent them from achieving their goals once they have penetrated a network. Another model that will continue to gain popularity in the next few years is “Cybersecurity Mesh”. This will enable organizations to benefit from more adaptive, explicit and mobile models for unified access management.