Defense-in-Depth: Paving the Way Forward in Cybersecurity

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Sam Crowther of Kasada examines how defense-in-depth can potentially pave a new path forward for cybersecurity as we know it.

Each day brings new research highlighting the rampant security issues that every online business faces, detailing how detrimental a cyber-attack is to their operations, bottom line, and reputation. Despite the multitude of security tools in the market, organizations are still facing an increasing number of attacks. The root cause is that attackers continually evolve their methods of attack to get around your defenses. If there are roadblocks in place that prevent them from making money, they will find another route.

This year’s Verizon Data Breach Investigations Report found that some 60 percent of all breaches occurred through web applications. Too many organizations would treat a finding like this as a “bot problem,” or an “API issue,” instead of looking at the larger picture. Attacks have many layers – so defenses should too. Concentrating solely on one security layer could mean that the most important layer – or at least the one being used in a current attack – is left unprotected.

Security is the sum of all available defenses. That’s why organizations need to question their current security stack and adopt a defense-in-depth strategy.

What is Defense-in-Depth?

First, let’s define defense-in-depth. A defense-in-depth strategy uses multiple layers of complementary defenses to protect against different types of attacks and to make your security environment progressively harder to get through.

These different layers of security protections work together, making it more challenging for cyber-criminals to breach an organization’s defenses. By providing overlapping coverage, defense-in-depth helps to minimize the risk of a successful attack. For example, if an attacker manages to bypass the company’s firewall, they may still be detected by the intrusion detection system and prevented from accessing sensitive data.

Why is Defense-in-Depth Important?

Defense-in-depth acknowledges that no single security control is 100 percent effective at protecting against all cyber threats. If one layer of security fails or is compromised, additional layers are in place to protect against the attack. Not only is the likelihood of a successful attack reduced, because the entire process is now more difficult, time-consuming, and expensive, but the redundancy this approach creates can also enable a business to quickly identify compromised areas when an attack happens and prevent it from spreading further throughout the organization. It can also help a business keep unaffected operations running in the face of a cyber-attack.

A defense-in-depth approach is also becoming more popular with regulators and cybersecurity insurance providers, as these groups require certain standards of defense to be met to be compliant or qualify for a policy. Businesses that adopt a defense-in-depth approach can more easily demonstrate their commitment to and investment in cybersecurity best practices.

The Importance of Bot Mitigation to Defense-in-Depth

As part of a defense-in-depth approach, online businesses should implement a robust bot mitigation solution that complements other security tools and provides multiple layers of defense that change dynamically.

Bots often play a bigger role in cyber-attacks than people realize, and bots can result in significant financial losses, data breaches, and reputational damage. Attackers use bots to scale almost every type of attack on websites, mobile apps, and APIs. Because they enable actions to be conducted quickly, efficiently, and at a large scale, bots can help a threat actor look for an entry point into a network, try thousands of combinations of passwords and usernames until something works, or even test new zero-day exploits before a patch is released.

Bots have become such an essential tool for attacks and online fraud that it is a big mistake not to address them as a part of your defense-in-depth approach. You should look at solutions that are constantly updated and dynamically change how they defend against bots. Since bots are constantly learning and evolving, WAFs and static bot detection are no longer effective at protecting against them. Attackers are driven by the opportunity to profit from their actions, so there is continued motivation for them to innovate around even the toughest defenses.

How Should Defense-in-Depth be Implemented?

There are key steps that a business should follow when deciding to adopt a defense-in-depth approach, including:

  • Assess: Conducting a thorough risk assessment helps identify potential vulnerabilities, assets, and threats. What is connecting to your network each day? What is it trying to do? Is your site being overrun by automated attacks? Where are the physical, online, and process gaps in your environment? What works well, what doesn’t, and what should be addressed first?
  • Plan: Develop a cybersecurity strategy that outlines your business’s security objectives and the steps needed to achieve those objectives. This strategy cannot be static – attackers continually evolve their approach and the tools they use – and your defenses should evolve, too. Just because something worked six months ago doesn’t mean that a new AI-based tool hasn’t already helped an attacker find a way to “solve” your defense. In addition, new threats are uncovered all the time. Make sure you have a plan to stay on top of these adversarial approaches and regularly incorporate new defenses into your strategy.
  • Implement: No two organizations are exactly alike, especially when it comes to what an attacker may find valuable. It could be data, it could be merchandise, or it could even be competitive business information. The solutions must match the security objectives from the prior step. Multiple layers of security across your IT infrastructure could include firewalls, intrusion detection and prevention systems, identity management, bot mitigation, segmentation, security policy automation, and more. When considering which solutions to invest in, businesses should look for solutions that complement their existing security tools and provide the most value for their budget.
  • Educate: An essential part of a defense-in-depth approach is the shared responsibility of employees. If you haven’t already, educate your employees on what cybersecurity solutions protect which parts of the business. In today’s hybrid workplace environment, security awareness is even more critical. This education should be ongoing, and employees should receive regular training, including exercises that allow them to put their knowledge into practice.
  • Respond: Use solutions that leverage clean data to automatically respond to attacks and report back what has been prevented. You should also develop an incident response plan to provide a clear and coordinated response to a cyber-attack. This plan should include procedures for identifying and isolating the affected systems, containing the damage, and recovering from the attack.
  • Monitor: Continuous evaluation of the effectiveness of your security solutions is critical. Your defense-in-depth approach should include visibility into traffic and attacks, allowing you to regularly identify and address any weaknesses or vulnerabilities in the system, upgrading solutions or adding new ones where necessary. A critical element in this process is ensuring that the layers work well with one another.

Making Defense-in-Depth a Priority

During times of financial downturn, businesses often prioritize cutting costs over investing in new technology solutions. However, the frequency and severity of cyber-attacks will continue to increase regardless of the state of the economy. This is exactly why a defense-in-depth approach is necessary to fight back.

Investing in cybersecurity solutions can provide a strong return on investment (ROI) and protect a company’s assets, reputation, and bottom line. With each additional layer of protection, especially those that are continually updated to stay a step ahead of attackers, it becomes harder – and more expensive – for an attacker to succeed. Multiple layers can provide the robust and resilient cybersecurity posture you need to properly defend your organization and help you maximize the ROI of your security investments.

Sam Crowther