There's no single silver bullet that can stop every attacker, but it is possible to implement several layers of security that work together as a whole to defend against a myriad of attacks. Layered security prevents a vulnerability in one defense from turning into a successful breach; it follows an onion design in which each layer compounds with the next to form a complete sphere of security. It protects the internal network and its data by surrounding them with several layers that an attacker must defeat in turn, which makes a successful breach far more complex.
There was a time when enterprises depended on a robust hardware-based firewall that established a perimeter to protect the network from attacks from the outside. However, just as military defense strategy has evolved in order to combat advanced offensive tactics driven by technology innovation, today’s enterprise can no longer rely on single-focus solutions to protect itself from all threats.
Cybersecurity strategists now incorporate multiple defensive layers to combat emerging threats from attackers who continue to advance their attack methodologies. Hackers are taking advantage of users and their devices in today’s mobile, digitally connected world. IT security professionals need to approach enterprise security with multi-layer defensive strategies so that if one layer is breached, the remaining layers carry out their designated role to stop the attack.
We will use the example of a typical ransomware attack to illustrate how a layered security strategy works. The primary deployment method for ransomware remains some sort of phishing attack. As most enterprises open port 25 for incoming traffic, a traditional firewall will not block it at the perimeter. The most effective tool to combat phishing attacks is an email security gateway. Like all tools, however, it is not foolproof as phishing experts are continually adopting new tactics in order to complete the journey to the user inbox.
Once a phishing email arrives at its destination, it is up to user discretion whether an embedded URL link is clicked or a malware-infected attachment is opened. This is where a user education training program can garner huge payoffs. However, even the most educated and experienced user can fall for novel social engineering approaches that have not been seen before. Should a user click on an embedded link, protection must then rely on the intelligence of a web filtering system, some of which utilize gateway anti-virus as well.
The last line of defense is an endpoint solution that can prevent malware from infiltrating and taking root within a device. If all else fails, the regular practice of backing up all of the data your users and organizational operations depend on is a necessity in an era where a single crypto virus such as WannaCry can sweep across the globe within hours, wreaking havoc and destruction on any device it is able to latch onto.
As the example illustrates, layered security is a systematic approach in which multiple defense strategies cover for the failings of each component. Although they work independently, they work collaboratively to protect enterprise devices; in the process of implementing these tools into a comprehensive strategy, the whole is greater than the sum of the parts. Because vulnerabilities are constantly being exposed and new malware compositions created, enterprises must incorporate multiple defense strategies to close avenues of attack. Below are the essential security layers that enterprise and personal power users should implement today.
1. Email Security
Email is a favorite and efficient tool for attackers. This is why close to 90% of targeted attacks today start with email. Email security involves multiple facets.
Attackers use email for phishing and for malicious attachments meant to give them control of the endpoint computer or to download malware onto it. There are different options when dealing with email filtering: you can block any email with an attachment, or only those carrying specific file types such as executables. Filtering phishing gets much harder when the attacker leaves little more than a link or a request for information; user education and blocking certain sites through web filtering and monitoring are both options there. Email filtering will stop a lot of malicious content from entering the network.
Traditionally referred to as spam filtering, email filtering now combats far more than simply junk mail that distracts workers and reduces productivity. Email filtering controls mail flow and blocks spam, viruses, malware, ransomware and links to malicious websites. It is best to choose a solution that also incorporates anti-virus protection that can strip malware attachments before they penetrate the network. Those companies that use a cloud-based email solution such as Office 365 should consider supplementing the very basic protection included in these packages with a third party solution built from the ground up to fully protect the users' inbox.
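As an added illustration of the attachment-filtering policy described above (this is example code, not the article's own code or any vendor's product), the following Python module parses a raw message with the standard library, judges each attachment by its final file extension, and then inspects the decoded bytes so that an executable renamed to look like a document or an image is still caught. The blocked-extension list, the sample message, the addresses and the file names are all constructed for the example:

```python
"""Attachment policy for an email security gateway layer (illustrative)."""
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import List, Tuple

# File extensions the gateway refuses outright (assumed policy, not a vendor list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta"}
# Windows PE executables start with "MZ"; checked regardless of declared name or type.
PE_MAGIC = b"MZ"


def attachment_verdicts(raw: bytes) -> List[Tuple[str, str]]:
    """Return (filename, verdict) for every attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        # Use the last extension so "invoice.pdf.scr" is judged by ".scr".
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            verdicts.append((name, "block: disallowed extension " + ext))
        elif payload.startswith(PE_MAGIC):
            # Content inspection catches executables renamed to look harmless.
            verdicts.append((name, "block: executable content despite name"))
        else:
            verdicts.append((name, "allow"))
    return verdicts


def should_quarantine(raw: bytes) -> bool:
    """True if any attachment was blocked; the gateway would hold the mail."""
    return any(v != "allow" for _, v in attachment_verdicts(raw))


def build_sample() -> bytes:
    """Constructed test message: one benign PDF and two disguised executables."""
    msg = EmailMessage()
    msg["From"] = "invoices@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00constructed", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.scr")
    msg.add_attachment(b"MZ\x90\x00constructed", maintype="image",
                       subtype="png", filename="photo.png")
    return bytes(msg)


if __name__ == "__main__":
    sample = build_sample()
    for filename, verdict in attachment_verdicts(sample):
        print(f"{filename}: {verdict}")
    print("quarantine:", should_quarantine(sample))
```

The two checks are deliberately independent: the extension rule is cheap and handles the obvious cases, while the content check is what makes the layer robust when the declared name or MIME type is a lie.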
The email address has become the default manner in which users identify themselves on the web today. As a result, hackers mount continual credential stuffing attacks utilizing large botnets. Once a user’s email has been compromised, a hacker can search through saved messages to seek out sites regularly accessed by the compromised user. Hackers can also use those email addresses to conduct spear phishing attacks or simply mount general phishing attacks that can then impact the email reputation of your company. Implementing a multifactor authentication system for online email is a necessity today in order to protect against identity seizure.
2. Web / Content Filtering
Filtering email stops malicious files from entering the network, but what if your users get an email with a malicious link on their private accounts that they access from work? Filtering web content will help protect your network from users accessing malicious sites during business hours and while using the corporate network to browse. Content filtering can also block sites unrelated to employee productivity, so you can block sites like gambling that can be used for scams.
Like its email security counterpart, web filtering must do more than just block offensive content and unproductive websites. It now plays a key part in the security arsenal of a layered cyber defense system. While users may feel entitled to unfettered access to the web, such access is a high-risk point of vulnerability for all types of problems, including security, legal and productivity issues. A modern-day web filtering solution must therefore do more than simply scan domain names: it must be able to granularly filter malicious web content in order to block malicious sites, malware, viruses, malvertising and ransomware. Whether you manage a corporation or a coffee shop, if your business provides web access for users, it needs to protect them with ample web filtering that is both content and security driven.
3. DNS Filtering
Instead of using just web content filtering, you can add DNS filtering to your layers. DNS filtering blocks sites from being accessed during the nameserver lookup phase of web browsing. This added layer to content filtering stops malicious traffic before it ever has a chance to reach the internal network. This is because the server connection is cut at the DNS stage of connecting a friendly name to its associated IP address.
Whether you are a company with remote workers that utilize public Wi-Fi to conduct business or a school implementing a one-to-one laptop program for your student body, you need to protect your devices both on and off-premise. With so many facets of the traditional datacenter being migrated to the cloud, it only makes sense that web filtering is hosted there as well.
Cloud-based DNS web filtering is fast becoming the implementation of choice for many organizations. With the insertion of a simple client agent on your enterprise devices, users can be forced to interact with a designated DNS resolver no matter where the device is located. Furthermore, a malicious website is blocked before any of its HTML is even fetched, preventing the web session from starting.
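To show what "cutting the connection at the DNS stage" means in practice, here is an added example of the policy step a filtering resolver applies before it forwards a query (example code, not the article's or any provider's implementation). A block entry covers a domain and all of its subdomains, an allowlist entry takes precedence when it is the more specific match, and blocked names are answered with a sinkhole address without ever touching the upstream resolver, so no HTTP request follows. The block and allow lists, the upstream answers and the sinkhole convention are all constructed assumptions for this example:

```python
"""DNS filtering policy applied at the resolver (illustrative, not vendor code)."""
from typing import Dict, Iterator, List, Tuple

SINKHOLE = "0.0.0.0"  # assumed answer for blocked names; NXDOMAIN is another common choice

# Constructed policy lists: a block entry covers the domain and every subdomain.
BLOCKLIST = {"malicious.example", "tracker.example"}
ALLOWLIST = {"status.malicious.example"}  # the most specific match wins

# Constructed stand-in for the upstream resolver; nothing here is a real address.
UPSTREAM: Dict[str, str] = {
    "www.company.example": "192.0.2.10",
    "malicious.example": "198.51.100.7",
    "cdn.malicious.example": "198.51.100.8",
    "status.malicious.example": "198.51.100.9",
}
upstream_queries: List[str] = []  # records what the upstream actually receives


def normalize(qname: str) -> str:
    """Lower-case and strip the trailing dot so policy matching is canonical."""
    return qname.strip().rstrip(".").lower()


def domain_chain(name: str) -> Iterator[str]:
    """Yield the name and each parent domain, most specific first."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def resolve(qname: str) -> Tuple[str, str]:
    """Apply policy before forwarding; blocked names never reach the upstream."""
    name = normalize(qname)
    for candidate in domain_chain(name):
        if candidate in ALLOWLIST:
            break  # explicit exception: stop walking up the tree
        if candidate in BLOCKLIST:
            return SINKHOLE, f"blocked by policy ({candidate})"
    upstream_queries.append(name)
    return UPSTREAM.get(name, "NXDOMAIN"), "forwarded"


if __name__ == "__main__":
    for q in ["WWW.Company.Example.", "cdn.malicious.example",
              "status.malicious.example", "nope.example"]:
        print(q, "->", resolve(q))
```

The walk from the most specific label outward is what lets one blocklist entry cover every subdomain an attacker might rotate through, while the allowlist check on the same walk keeps a deliberate exception from being swallowed by its blocked parent.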
4. Endpoint Protection
Depending on the security people you speak with, endpoint security is either dead or critical to your data defenses. Anti-virus and anti-malware should be installed on any device where data is stored, including tablets and smartphones. Attackers constantly change their code and tactics to avoid anti-virus detection, and zero-day attacks are difficult to defend against. However, with a layered approach endpoint security stops low-hanging fruit such as known malware, ransomware and other malicious executables.
Endpoints are also the servers hosted in data centers or internally. This hardware is usually more difficult for an attacker to successfully breach, but it's also a treasure trove of data that could potentially be worth millions on the dark market. Installing anti-malware on servers is still critical to your organization's security.
While many equate endpoint protection with anti-virus or anti-malware protection, the concept of endpoint protection is far broader today. With the proliferation of mobile devices that follow users off-premise and the growth of BYOD programs, the process of securing a computing device is far more challenging than a decade ago.
At its core, the primary function of endpoint security is anti-virus protection. Traditionally, anti-virus applications relied on supplied signatures to combat malware. While this was highly effective in an era when malware strains numbered in the thousands, signature-based anti-virus cannot scale sufficiently to secure a device when a new malware type is released every 4.2 seconds. Today’s applications must be able to quickly monitor for suspicious file behavior and other anomalies. Simply put, anti-malware protection must be intelligent.
In addition to anti-virus, endpoint security involves other security practices as well.
5. Backup and Patching Strategies
Although backups and patch management are not security tools per se, they both play a vital role in a comprehensive security plan. Victimized companies that have been able to avoid paying cyber ransoms were able to do so because they had a well-conceived, tested backup strategy that they could reliably use to recover their data safely and securely. For this reason, ransomware perpetrators target backups as well in order to thwart recovery efforts. A 3-2-1 backup strategy that incorporates the air gapping of backups can be a savior in the event of an attack.
Patching all of your computer devices and network infrastructure is a vital security process as attacks involving zero-day exploits and outdated software are commonplace. Proper patching could have easily prevented some of the most devastating malware-based attacks within the last year. Patching goes beyond the process of running Windows updates. Routers, switches and even IoT devices such as cameras and sensors are all vulnerable to malicious code attacks. An automated patch management system will scan your network for missing patches in real time and send notifications to administrators.
Layered security involves more than simply layering new security tools on top of existing infrastructure. Layered security is an architecture that requires a well-conceived blueprint. A piecemeal approach to the implementation of security tools can introduce inhibitive complexities into systems management. Ironically, these complexities can create opportunities for hackers. It is important for both IT and C-level executives to inventory their assets and business processes in order to define their acceptable risk exposure to these.
In today’s hybrid enterprise environments, for instance, the approach to securing cloud assets differs from that for on-premise resources. No matter its design, IT departments must ensure that the entire technology stack is secure. It is also important that IT does not silo its security functions and that all personnel work collaboratively with one another in establishing security practices, managing systems infrastructure, monitoring alerts and planning future purchases. In a sense, like your security architecture, your personnel must work in conjunction with one another.
A layered approach is much more effective than one large security platform, but it must be done properly. All components must be able to work together, not against each other, which can be tricky if you purchase layers from individual vendors. A total suite of products is usually much more effective because each component is built to work with the others.
When you take a layered approach, you have much more data, alerts and monitoring to control but it all gives you the bigger picture in your quest to completely secure your network. When one layer fails, the other should catch the suspicious traffic. Multiple layers might catch a security attack, and then you'll see multiple alerts. This might seem tedious but it's critical for a strong defense and quick containment.
Some of the biggest data breaches were the result of failed security. In 2016, a wave of ransomware attacks left hospitals technologically crippled, and some were even forced to go offline and return to paper and pen logs. The ransomware was sent through email, which means several layers of security failed or were simply never implemented, including email filters, content filters and anti-malware applications. Had the right layers been installed, users would not have fallen for the phishing emails that were then used to get them to download malicious content.
Your organization is under constant and unpredictable threat of attack. Cybercriminals aren’t going away. Their methods are getting increasingly sophisticated as they evolve to meet new security solutions and standards. As malware writers change their techniques to evade detection, layered security becomes more important than ever to lower the probability of a successful attack and to stop an attack even if one component of your defenses fails.
Implementation isn't always simple; it requires planning and expertise. Relying on a single security layer is no longer wise in today’s threat landscape. Organizations need to focus on the data they are protecting and build layers of security around it. Your clients and your bottom line will thank you.