Defense in Depth Layers: 7 Effective Elements

This article breaks down the 7 elements of an effective Defense in Depth layers approach.  Read on to understand how your small business measures up against this strategy.

The pandemic created a remote workforce overnight.  Experts estimate that cybercrime has shot up by almost 300% since the start of the pandemic [1].  Technology leaders around the globe, like Cloudz Biz, are helping small businesses improve their cyber defense.

Relying on one basic security solution will, therefore, prove to be futile against sophisticated attack vectors.  This is where an approach like Defense in Depth Layers finds its relevance.

Think about Defense in Depth layers like the security around a house.  Homes with higher-value goods in them, most of the time, have additional perimeter fencing and gates.  Some homes might reside in a gated community.  After we discuss the elements below, we will discuss the security control areas.

Sign up for our FREE eBook on Ultimate Technology Strategy Guide to learn more about a Defense in Depth strategy for your small business.

Elements of Defense in Depth Layers

A technology advisor or vCIO will help you implement all of the elements of an effective Defense in Depth strategy to minimize the chance of a threat getting through the defense.  These 7 (seven) elements include:

  1. Firewalls
  2. Intrusion Prevention and Detection System
  3. Endpoint Detection and Response (EDR)
  4. Network Segmentation
  5. The Principle of Least Privilege (PoLP)
  6. Strong Passwords
  7. Patch Management

We’ll discuss each of these in a bit more detail.

Firewalls

A firewall monitors all inbound and outbound internet traffic at a physical location as part of the defense in depth layers.  It blocks and filters out unnecessary traffic and keeps unauthorized users out.  For some small business owners, it may make sense to deploy a small firewall for your home environment.

Back to the home scenario, gates and fencing keep the unauthorized people out of your property.  Also, fences keep the dogs and kids inside.

Intrusion Prevention and Detection System

These systems scan the network and look for anything out of place.  If the system detects a threat, it will alert the owner and block the attack.  Typically, this software runs on your firewall.

One more note about this solution as one of the defense in depth layers: it automatically blocks and rejects unwanted traffic.

Similar to your house, people deploy a security alarm system to monitor the perimeter for threats.

Endpoint Detection and Response (EDR)

The EDR solution monitors endpoints, like the personal computer (PC), for any suspicious or malicious behavior in real time.  Again, an alert will be generated if something is found.

In the home scenario, think of this as where you might store your jewelry or high-value items.  Typically, another system monitors that area of the house to make sure nothing is disturbed.

Network Segmentation

Network segmentation further safeguards segments of your business.  For example, the video surveillance system exists on a different network segment than the finance team.

Think of this as different rooms within your house.  Not every guest invited over will get invited into the Master Suite.

The Principle of Least Privilege

This security concept grants users only the access or permissions they need to perform their tasks.  Future solutions look to go further and allow certain administrative access only when users need it.

For our house analogy, think of access to all the home security systems.  Very few people need that type of access, unless they monitor your home for you.

Strong Passwords

Poor password hygiene, or even lazy administrators who use default passwords for network devices, creates the weakest link in your environment.  Today, every small business needs to adopt a multifactor authentication (MFA) approach along with passwords to get the best protection.

Think of the guest at the gate of your property.  Security cameras and codes might let them in.  If no code or security solution exists, the person will just come right onto the property as they please.

With Microsoft 365 Business Premium, you can set and require everyone within your company to utilize strong passwords.  This solution also provides a built-in multifactor authentication solution.

Learn more about Microsoft 365 Business Premium and how this will benefit your business.

Patch Management

Security gaps left unattended due to poor patch management will make your small business vulnerable to cyberattacks.  Follow a deployment plan for all of your devices on your network.

Homeowners with large estates and technology throughout require patch management just as much as a small business does.  Cyber attackers do get into video systems and monitor and respond through these systems.

Three Security Control Areas

Above, we discussed the 7 elements of an effective Defense in Depth layers approach.  Now, think of the importance of controls around these layers.

Administrative Controls

Policies and procedures fall under the administrative controls for small businesses.  These controls ensure the appropriate guidance and security policies are followed.

Examples include hiring practices or employee onboarding, data processing and management procedures, information security policies, vendor risk management and third-party risk management frameworks, information risk management strategies, etc.

Technical Controls

The hardware and software intended to protect systems and resources fall under technical controls.

Examples include firewalls, configuration management, disk/data encryption, identity authentication (IAM), vulnerability scanners, patch management, virtual private networks (VPNs), intrusion detection system (IDS), security awareness training, etc.

Some companies today implement defense-in-depth layers in Azure for their cloud solutions.

Physical Controls

Anything aimed at physically limiting or preventing access to IT systems falls under physical controls.

Examples include fences, keycards/badges, CCTV systems, locker rooms, etc.

Defense in Depth Layers Final Thoughts

Reach out if you need some help with your Defense in Depth layers strategy.  Make sure you sign up for our eBook to get more in-depth knowledge and expertise.  We will provide more defense in depth examples.

Remember this…

Never spend more than the value of the asset you are protecting!

 

Sources:

  1. FBI Report