Computerworld - The threat of increasingly sophisticated attacks against computer networks and systems is a recognized issue in the information security industry, as is the growing presence of attackers who are motivated by political, social, religious or economic issues.
The need for stronger defenses against attacks that contain multiple exploits is well understood by corporate security organizations, which are constantly looking at countermeasures to improve their defensive capabilities.
Since the introduction of antivirus software, firewalls and intrusion-detection software, the term "defense in depth" has been used as a label for a multilayered security architecture that involves the deployment of these technologies. The idea is to combine technology components with good security management practices to form layers of protection that will reduce the risk of attack or intrusion.
Defense in depth should be thought of not as a set of independent steps to be executed separately, but as a series of related and overlapping technical and nontechnical security measures that, when strategically deployed together, have a greater effect than their individual components.
To establish these components, you will need to take the following steps:
- Set up a team: Start with a team of experienced security professionals, perhaps led by a chief information security officer, to be the architects of a defense-in-depth strategy.
- Establish policies: Have a set of well-communicated policies that clearly define acceptable use of corporate computer resources and that promote user understanding of the potential threats to the safety of information assets.
- Train responders: Ongoing training of those who will be first responders if and when an incident takes place is essential.
The most expensive and complex component involves building a security infrastructure and regularly evaluating its ability to deal with incidents through the following means:
- Prevention: Manage identities through strong user authentication, authorization and access control; configuration (patch) management; and regular assessments to identify vulnerabilities.
- Detection: Identify threats using up-to-date antivirus software, properly configured firewalls, intrusion-detection software, activity-log monitoring and intelligence gathering.
- Reaction/response: Activate a corporate incident-response team to isolate and contain incidents, and use forensic tools for evidence handling.
Keeping pace with the growing volume and complexity of threats to the safety of sensitive information means examining the effectiveness of a security architecture at regular intervals. To that end, software products have been introduced that are designed to manage user identities, detect and prevent attacks, and facilitate activity-log management. These products are surfacing from a long list of software companies, some of which are new to the security market and many of which are well-established technology vendors. They include offerings under the generic label "identity management," which provide a centralized approach to security administration, including the authorization and authentication of users, and help manage the life cycle of subject and object relationships.
Bob McKee is an independent security consultant in East Longmeadow, Mass. He is a former director of corporate information security for The Hartford. He can be reached at email@example.com.
Photo Credit: John Soares