Defense in Depth from Inside and Out

For over a decade, information security professionals have been preaching the benefits of “Defense in Depth” to protect your organization’s assets from the constant barrage of external threats. The approach typically consists of layered prevention technologies that, working together, provide an impenetrable barrier of defense to protect your data. Components of this strategy usually include, at a minimum:

  • A Firewall
  • Antivirus and Anti-spam technology
  • Intrusion Detection and/or Prevention Systems
  • Automated Patch Management Systems

These typical defenses should be implemented in all data networks, and a variety of options exist for organizations of every size to establish a functional security perimeter around their critical data. However, a solid perimeter is no longer enough to protect your organization from the constant advances in malicious tools and techniques, which have victimized very large organizations that had all of these tools in their arsenal. In many highly publicized cases, the victims were compromised for months before they were able to detect a breach. Also, many documented breaches are the result of insiders (such as employees or business partners) who, intentionally or unintentionally, send confidential data out of their network. In many cases, the elaborate defenses designed to keep attackers from coming into your network are useless in keeping your users from taking the data out.

As a result, the best protection for your data network is a combination of prevention and detection controls to keep your organization informed about how confidential data is moving in and out of your network. Each prevention technology provides a potential detection point that can keep you informed about potential data breaches, whether they are the result of an external attack or a violation of your organization’s security policies. Technologies that can assist you in logging, identifying and controlling confidential or restricted data include Digital Loss Prevention (DLP) technologies, Security Information and Event Management (SIEM) tools, and a wide variety of technologies to help your organization both implement and effectively manage security policy for your entire organization or individual users.

Creating, maintaining and constantly evolving information security strategies is and will remain an important topic. While there is definitely a set of best practices, for many questions, there are no definite right or wrong answers. As you continue to address your organization’s security needs, I hope you will share your thoughts and opinions, as well as successful approaches.
