Computerworld - The threat of increasingly sophisticated attacks against computer networks and systems is a recognized issue in the information security industry, as is the growing presence of attackers who are motivated by political, social, religious or economic issues.
The need for stronger defenses against attacks that contain multiple exploits is well understood by corporate security organizations, which are constantly looking at countermeasures to improve their defensive capabilities.
Since the introduction of antivirus software, firewalls and intrusion-detection software, the term "defense in depth" has been used as a label for a multilayered security architecture that involves the deployment of these technologies. The idea is to combine technology components with good security management practices to form layers of protection that will reduce the risk of attack or intrusion.
Defense in depth should be thought of not as a set of independent steps to be executed separately, but as a series of related and overlapping technical and nontechnical security measures that, when strategically deployed together, have a greater effect than their individual components.
To establish the components part, you will need to take these steps:
Bob McKee is an independent security consultant in East Longmeadow, Mass. He is a former director of corporate information security for The Hartford. He can be reached at firstname.lastname@example.org.
Photo Credit: John Soares
- Set up a team: Start with a team of experienced security professionals, perhaps led by a chief information security officer, to be the architects of a defense-in-depth strategy.
- Established policies: Have a set of well-communicated policies that clearly define acceptable use of corporate computer resources and that promote user understanding of the potential threats to the safety of information assets.
- Training: Ongoing training of those who will be first responders when and if an incident takes place is essential.
The most expensive and complex component involves building a security infrastructure and regularly evaluating its ability to deal with incidents through the following means:
- Prevention: Manage identities through strong user authentication, authorization and access control; configuration (patch) management; and regular assessments to identify vulnerabilities.
- Detection: Identify threats using up-to-date antivirus software, properly configured firewalls, intrusion-detection software, activity-log monitoring and intelligence gathering.
- Reaction/response: Activate a corporate incident-response team to isolate and contain incidents and use forensic tools for evidence handling.
Keeping pace with the growing volume and complexity of threats to the safety of sensitive information means examining the effectiveness of a security architecture at regular intervals. To that end, software products have been introduced that are designed to manage user identities, detect and prevent attacks, and facilitate activity log management. These products are surfacing from a long list of software companies, some of which are new to the security market and many of which are well-established technology vendors. They include offerings under the generic label "identity management," which provide a centralized approach to security administration including the authorization and authentication of users and help manage the life cycle of subject and object relationships.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts