Computerworld - The threat of increasingly sophisticated attacks against computer networks and systems is a recognized issue in the information security industry, as is the growing presence of attackers who are motivated by political, social, religious or economic issues.
The need for stronger defenses against attacks that contain multiple exploits is well understood by corporate security organizations, which are constantly looking at countermeasures to improve their defensive capabilities.
Since the introduction of antivirus software, firewalls and intrusion-detection software, the term "defense in depth" has been used as a label for a multilayered security architecture that involves the deployment of these technologies. The idea is to combine technology components with good security management practices to form layers of protection that will reduce the risk of attack or intrusion.
Defense in depth should be thought of not as a set of independent steps to be executed separately, but as a series of related and overlapping technical and nontechnical security measures that, when strategically deployed together, have a greater effect than their individual components.
To establish these components, you will need to take these steps:
- Set up a team: Start with a team of experienced security professionals, perhaps led by a chief information security officer, to be the architects of a defense-in-depth strategy.
- Establish policies: Have a set of well-communicated policies that clearly define acceptable use of corporate computer resources and that promote user understanding of the potential threats to the safety of information assets.
- Training: Ongoing training of those who will be first responders when and if an incident takes place is essential.
The most expensive and complex component involves building a security infrastructure and regularly evaluating its ability to deal with incidents through the following means:
- Prevention: Manage identities through strong user authentication, authorization and access control; configuration (patch) management; and regular assessments to identify vulnerabilities.
- Detection: Identify threats using up-to-date antivirus software, properly configured firewalls, intrusion-detection software, activity-log monitoring and intelligence gathering.
- Reaction/response: Activate a corporate incident-response team to isolate and contain incidents and use forensic tools for evidence handling.
Keeping pace with the growing volume and complexity of threats to the safety of sensitive information means examining the effectiveness of a security architecture at regular intervals. To that end, software products have been introduced that are designed to manage user identities, detect and prevent attacks, and facilitate activity log management. These products are surfacing from a long list of software companies, some of which are new to the security market and many of which are well-established technology vendors. They include offerings under the generic label "identity management," which provide a centralized approach to security administration including the authorization and authentication of users and help manage the life cycle of subject and object relationships.
Bob McKee is an independent security consultant in East Longmeadow, Mass. He is a former director of corporate information security for The Hartford. He can be reached at firstname.lastname@example.org.