Network SecurityAnd The Importance Of “Defense in Depth”

Network Defence:The Onion Model

Ever since the first viruses started infecting computers, IT departments have wrestled with whether it was more important to prioritize securing the network, or their endpoints. While every vendor will tell you they have the solution, the fact is that there are pros and cons to each, which is why security experts advocate adopting a “defense-in-depth” approach, and interweaving technologies to give them the best defense possible.

When looking at some of the recent US data breaches, many companies had invested heavily in the latest and greatest “next-generation” network detection-based security technologies. These work by trying to detect and block threats entering and leaving the network, and notifying security teams.

While this seems a fool-proof system on paper, the relentless noise generated by the literally thousands of daily alerts actually blinded IT to attacks. After all, trying to identify the one critical breach in a wave of thousands of security alerts is like trying to find a really sharp needle in a stack of regularly-sharp needles – not only difficult, but dangerous, too.

While there is an important place for network security – the simple fact that no system will ever be 100% secure shines light on the need for additional layers of security. Often network security solutions are trying to filter dangerous content from reaching vulnerable endpoints, but isn’t it better if we can make the endpoints less vulnerable? With this in mind, the best strategy is to build security from the endpoint out - reducing the attack surface and building defendable infrastructure.

While network-based security solutions can attempt to block threats before they hit the endpoint, the major problem with this approach is that companies that rely heavily on network security end up with an “eggshell” security stance – whereby a system is reliant on a single outer shell to protect all of the organization’s data. Without further securing the endpoints, even one small crack in the shell will leave the entire organization vulnerable, and this is without evening considering threats that don’t come via the corporate network.

Critical business data is accessed and stored on the endpoint, and as code – either good, bad or unknown – executes here, the endpoint effectively becomes the first line of defense for enterprise security against the latest APTs and cyber threats. The implementation of both network and endpoint detection into one inter-reliant defensive shell, or a “defense-in-depth” approach, removes the sole reliance on detection to block threats allowing organization to handle unknown and zero day attacks.

The main difficulty faced by detection solutions is the impossible trade-off between security and usability. Namely, all threats need to be deeply analyzed, but security teams simply cannot make employees wait while they address these issues, which would reduce productivity and staff morale.

Ultimately, this will often result in security features especially at a network level simply being disabled. Intel Security found that more than 30% of organizations disable network-based security features for this exact reason. Malware authors know this, and therefore will create attacks that simply lay dormant for a period of time to bypass the network sandbox. This has caused malware to evolve new methods of avoiding networks security products, including:

  •  Delayed onset
  •  Detecting virtualized environment
  •  Checking the number of CPU cores (network sandbox usually only presents one)
  •  Checking if user is real (monitor mouse movement, etc.)
  •  Exploiting the virtual environment to escape

With even the most effective network based defense facing the possibility of a breach, how can security admins ensure the same doesn’t happen to endpoints? The most effective way to complement a strong network defense is by reducing the attack surface of the endpoint.

This most commonly involves three key steps:

1. Removing administrator privileges – an extremely easy and cost-effective way to block malware from accessing the system and, and sensitive data.

2. Application whitelisting – allow only the known corporate approved applications to run preventing attackers from launching new malicious applications.

3. Sandboxing – isolate unknown or untrusted content such as websites, email attachments and downloaded documents away from sensitive corporate data to prevent attackers being able to access anything of value.

A bank doesn’t leave the vault door open just because they have a security guard on the door – they start from the vault and layer security outward. If the endpoint isn’t secure, and security admins do not ensure that both systems work in tandem, companies simply risk losing data, intellectual property, resources, money and invaluably, trust – in other words, everything.

Information-Management

 

 

« Close The Talent Gap - $10m Cisco Cybersecurity Scholarship Fund
Was The Internet Created In A Bar? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cortado Mobile Solutions

Cortado Mobile Solutions

Cortado Mobile Solutions is the manufacturer of the mobile device management solution Cortado MDM.

FarrPoint

FarrPoint

FarrPoint is a specialist telecoms consultancy providing a range of services including cyber security assessments and technical assurance to safeguard your data.

Nouveau

Nouveau

Nouveau Solutions is a specialist IT managed services company with a strategic focus on delivering cloud, infrastructure, compliance, network and security solutions.

Abusix

Abusix

Abusix specializes in Internet security, network abuse handling, antispam and fraud prevention.

TCN

TCN

TCN is an advanced System Integrator and Infrastructure Company in Albania.

Orca Security

Orca Security

Orca Security delivers full stack visibility including prioritized alerts to vulnerabilities, compromises, misconfigurations, and more across your entire inventory on all your cloud accounts.

Dataprovider.com

Dataprovider.com

Our Brand Protection Suite gives you the tools to discover trademark infringement on the Internet, such as websites selling counterfeit products, even when this is not immediately noticeable.

Rede Nacional CSIRT

Rede Nacional CSIRT

Rede Nacional CSIRT is a national network of CSIRTs in Portugal aimed at cooperation and mutual assistance in the handling of incidents and in the sharing of good security practices.

Experis

Experis

Experis provide IT resourcing, project solutions and managed services. We enable organizations to cultivate individuals and teams prepared for the digital age.

Ciphertex Data Security

Ciphertex Data Security

Ciphertex is a leading data security company that specializes in portable data encryption and privacy protection storage systems.

ATHENE National Research Center For Applied Cybersecurity

ATHENE National Research Center For Applied Cybersecurity

ATHENE is the largest research center for cybersecurity and privacy in Europe, conducting application-oriented top-level research for the benefit of the economy, society and the state.

Virtual Infosec Africa (VIA)

Virtual Infosec Africa (VIA)

Virtual InfoSec Africa (VIA) is a wholly-owned Ghanaian company specializing in information security and cybersecurity solutions and services.

Avalor

Avalor

Avalor are on a mission to help security teams make faster, more accurate decisions by making sense of their data. With Avalor you can bring in data from anywhere, normalize it and analyze it.

Circle Security

Circle Security

Circle’s breakthrough security API unifies solutions for identity and data security into one architecture and empowers organizations to secure their identity, data and privacy in their applications.

Whitaker Brothers

Whitaker Brothers

Whitaker Brothers data destruction equipment can be found in 115 countries and every single continent in the world, from major military organizations to small offices.

ITButler e-Services

ITButler e-Services

At IT Butler, our mission is crystal clear: we are dedicated to providing top-tier cybersecurity solutions and best-practice methodologies to secure and enhance your digital infrastructure’s resilienc