The layered security of Defence in Depth (DiD)

Before remote working became widespread, office buildings only gave employees access to information if they had credentials, an Active Directory account and a corporate laptop with permissions to access company files. In this situation the risk was lower, as companies relied only on physical data centres that were protected by tangible layers.

However, cyber threats are evolving and becoming increasingly malicious, and as threats evolve, so does cyber security; hence Defence in Depth (DiD). DiD provides a robust and comprehensive approach to modern security.

DiD is a cyber security technique that uses several different security measures to protect the integrity of information, providing full enterprise security protection with deliberate redundancy where necessary. This defence is based on layered security: if one defence is compromised, additional layers are available to ensure that the threat is not effective.

This type of cyber security has its origins in a military strategy that consisted of placing a series of barriers to slow down the enemy’s advance and give troops time to monitor the intruders’ movements and develop a response. The attack is thus delayed rather than retaliated against immediately. In the field of cyber security, DiD covers end-user security, product design and network security.

Its strategy lies in combining advanced security tools that protect data and block threats before they reach endpoints and networks. It also includes endpoint protection with anti-virus and firewalls, which remain fundamental elements of comprehensive security but now work alongside newer security methods to protect companies.

Architecture: layered security

In today’s cyber-smart environment, cybercrime is capable of rapid change, and a single layer of security is not enough. Defence in Depth builds a more secure network by layering and duplicating different methods of protection to minimise the likelihood of an attack.

Thus, a series of defences such as firewalls, anti-virus, intrusion detectors, port scanning and so on are layered on top of each other. The result is that companies can cover weaknesses that would otherwise exist if the network relied on a single layer of security.

DiD gives engineers time to implement updates and countermeasures against attackers, while the anti-virus and firewall layers block the attack from entering. In addition, the security architecture is based on controls designed to protect the physical, technical and administrative aspects of the network.

Accordingly, the layered security architecture consists of:

  • Physical controls: these include security measures that prevent physical access to IT systems, such as controlled access doors.
  • Technical controls: those measures that protect network systems by means of specialised hardware or software such as anti-virus and firewalls.
  • Administrative controls: security measures that consist of policies or procedures directed at employees of a company, e.g. users labelling sensitive or confidential information.

In addition, the following security layers are in place to protect the individual characteristics of each company’s network:

  • Access measures: these include authentication controls, biometrics, VPN and scheduled access.
  • Workstation defence: this can be anti-virus and anti-spam software.
  • Data protection: this includes data encryption, secure transmission algorithms and encrypted backups.
  • Perimeter defences: firewalls, intrusion detection systems and intrusion prevention systems.
  • Network attack monitoring and prevention: logs and audits of network activity, vulnerability scanners, sandboxing and security training are used.


In summary, there is a physical security layer, an access-controlled identity layer, a perimeter layer to filter large-scale attacks, a limited network layer, a computing layer that secures access to virtual machines, and a data layer that controls access to business and customer data.

Use cases

Among the main uses of this type of cyber security are website protection and network security. For the first use case, website protection, it is important to protect the user: DiD enables a combination of security and training offerings to block threats and protect critical data. This is done by employing, for example, a WAF, anti-spam software, anti-virus, and so on.

Thus, a vendor delivering software to protect end-users from cyber-attacks can bundle several security offerings into one product, i.e. create packages that include anti-virus controls, firewalls and privacy controls. The result is a user network protected against application or malware attacks.

The second use case mentioned is network security, where an organisation sets up a firewall and encrypts data flowing through the network and data at rest. In addition, in the event that cyber criminals get past the firewall and obtain company data, the data is encrypted.

In other words, up to three layers of security are provided for network protection: a firewall is configured, an intrusion prevention system (IPS) is run with trained security operators, and an anti-virus programme is implemented. So even if attackers get past the firewall layer, the IPS detects and stops them, and if they still manage to get into an end user’s computer and try to install malware, the anti-virus can detect and remove it.
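The layer lists above and the firewall → IPS → anti-virus walkthrough describe the same idea: an attack path is stopped if any layer blocks one of its steps, and a layer is dangerous to rely on when it is the only one that does. The following added example (not code from the original page, using constructed control names and attack scenarios) models that as a coverage check: which layer stops each scenario, what gets through every layer, and which scenarios depend on a single control.

```python
from dataclasses import dataclass

# Toy defence-in-depth coverage model. The techniques a control "blocks"
# are assumptions made up for this example, not vendor claims.

@dataclass(frozen=True)
class Layer:
    name: str
    blocks: frozenset  # attack techniques this control is assumed to stop

@dataclass(frozen=True)
class Scenario:
    name: str
    techniques: tuple  # steps the attacker must complete, in order

# Constructed control chain mirroring the article's firewall -> IPS -> AV setup.
LAYERS = [
    Layer("firewall", frozenset({"inbound-port-scan", "unsolicited-inbound"})),
    Layer("ips", frozenset({"inbound-port-scan", "exploit-signature"})),
    Layer("antivirus", frozenset({"known-malware-drop"})),
]

# Constructed attack paths to walk through the layers.
SCENARIOS = [
    Scenario("scan-then-exploit", ("inbound-port-scan", "exploit-signature", "known-malware-drop")),
    Scenario("phish-then-malware", ("phishing-email", "known-malware-drop")),
    Scenario("phish-then-creds", ("phishing-email", "credential-reuse")),
]

def stopped_by(scenario, layers=LAYERS):
    """Name of the first layer that blocks a step of the scenario, or None."""
    for tech in scenario.techniques:
        for layer in layers:
            if tech in layer.blocks:
                return layer.name
    return None

def residual(scenarios=SCENARIOS, layers=LAYERS):
    """Scenarios that no layer stops: the gaps a coverage review should surface."""
    return [s.name for s in scenarios if stopped_by(s, layers) is None]

def single_points_of_failure(scenarios=SCENARIOS, layers=LAYERS):
    """Scenarios blocked by exactly one layer; if that control fails, they get through."""
    spof = {}
    for s in scenarios:
        blockers = {l.name for l in layers for t in s.techniques if t in l.blocks}
        if len(blockers) == 1:
            spof[s.name] = next(iter(blockers))
    return spof

def without(layer_name, layers=LAYERS):
    """Model one control failing, e.g. a firewall misconfiguration."""
    return [l for l in layers if l.name != layer_name]
```

Running `stopped_by(SCENARIOS[0], without("firewall"))` shows the IPS taking over for the scan-then-exploit path, while `residual()` and `single_points_of_failure()` list the paths that the chain either misses entirely or covers with only one control.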

Players

There are different competitors offering this type of solution package. These include Imperva, Avast and Microsoft Azure.

Imperva offers a complete set of DiD security solutions, providing multiple lines of defence to protect your data and network. This service includes database monitoring, data encryption and vulnerability detection. They also provide web solutions such as WAF and DDoS protection, ensuring network protection against application layer attacks.

On the other hand, Avast’s service provides layered security for small and medium-sized businesses using a combination of several cybersecurity solutions designed to reduce the attack surface of a network and protect it from all angles. In particular, it focuses on the increase in attacks due to the use of mobile, IoT devices and the migration of many businesses to the cloud, as these hold the key to the data that cybercriminals want to acquire.

Also, Microsoft Azure offers Azure Sphere as a comprehensive IoT security solution, which combines a secured microcontroller, an operating system and a cloud-based security service for device security, actively protecting enterprises and their customers.

Conclusions

In conclusion, the overlapping and duplication of security processes results in minimising the likelihood of an attack. Today, a number of companies make use of a layered security service, as a single-point security product is not sufficient to protect the company from the increasing sophistication of attacks by cyber criminals.

Defence in Depth gives administrators time to take action if a cybercriminal infiltrates an organisation’s network. Antivirus and firewalls must be in place to block incoming threats, protecting the company’s applications and data that could compromise its security and that of its customers.

Although redundancy in security may seem like a waste of money, employing a layered security strategy prevents attackers from getting the information they are looking for. This is because when one product fails, another security product is ready to take over and handle the attack.

In conclusion, employing a set of defensive tools together, such as firewalls, malware protection, intrusion detection systems, data encryption and auditing solutions, suppresses security gaps and unprotected corners of companies.