Cybersecurity is a topic that is tough to stay on top of. New threats emerge all the time and it can sometimes feel like you are constantly reacting to threat after threat, scrambling to clean up the mess left by attackers and the incidents they leave in their wake. Instead of only focusing on incident response, you should take the more proactive approach of preventing attacks from taking place in the first place. That’s where defense in depth comes in.
Attackers are a savvy bunch, constantly coming up with new ways to penetrate your environment. But cybersecurity pros are no slouches either and there are ways they can combat whatever nefarious things come their way. When you need a comprehensive approach, jam-packed with security measures designed to combat a threat onslaught, you need defense in depth.
Defense in depth is about more than protecting your perimeter, it’s about adding defenses as you get closer to your critical assets.
- Chris Cochran
What is Defense in Depth? Moving Beyond the Surface
Defense in depth is a cybersecurity approach that involves protecting your environment under several layers of security protocols, rather than relying on a single protective measure. This method yields greater protective force against attacks because you have redundant safeguards throughout your environment or even on a single device—like posting sentries at each door throughout a home, rather than only at the front door.
Because no single security measure can block all attacks, defense in depth is a way to thwart attacks that get past your initial security measures. Chris Cochran, founder of Hacker Valley Studio, advises that businesses of all sizes adopt defense-in-depth methods for fortifying systems, from enterprises down to small businesses and even individual users. Cochran offers us several tips for implementing a defense-in-depth approach.
Stepping Up Your Cybersecurity With Defense in Depth
Every tech environment is different and tech stacks vary significantly. Regardless of your configuration, you can implement a defense-in-depth approach to make it more difficult to penetrate your environment.
Cochran recommends a few steps to help you identify what defense in depth might look like on your own systems.
- Create a threat hypothesis based on your environment. Begin by identifying what malicious activity might look like. What do anomalies look like? Pinpoint what constitutes abnormal behavior and normal behavior as a benchmark so that you can nail down anomalies when they occur.
- Identify your crown jewels or critical assets. What is the most important data or systems that need protecting? Locate your critical components and build layers of security out from that core.
- Implement anomaly detection measures. What intrusion detection systems can you implement? You need to consider prevention measures at the perimeter, but also detection at levels throughout your environment.
- Test your own system. Perform regular penetration testing on your environment. Get familiar with your own tech stack and it will become easier to detect anomalies and identify vulnerabilities. “The more you test your own systems, the better you understand your own environment and the more quickly you can identify what different looks like,” noted Cochran.
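The first and third steps above come down to one question: what does "normal" look like for each user, so that "different" stands out? The following is an added example (not code from the article or from Hacker Valley Studio) of the simplest possible behavioural baseline: it learns each user's usual login hours and source networks from a window of constructed sample events, then flags later events that fall outside that baseline. The event fields, user names and network labels are constructed for illustration.

```python
"""Added example: a minimal per-user login baseline used to surface anomalies.
Sample events below are constructed; they stand in for an authentication log."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    user: str
    hour: int      # hour of day, 0-23
    source: str    # network or host label the login came from


# Constructed baseline window: ordinary activity for two users (not real logs).
BASELINE_EVENTS = [
    LoginEvent("alice", 9, "corp-lan"), LoginEvent("alice", 10, "corp-lan"),
    LoginEvent("alice", 14, "corp-lan"), LoginEvent("alice", 17, "corp-vpn"),
    LoginEvent("bob", 8, "corp-lan"), LoginEvent("bob", 13, "corp-lan"),
    LoginEvent("bob", 16, "corp-lan"),
]

# Constructed events to evaluate against that baseline.
NEW_EVENTS = [
    LoginEvent("alice", 11, "corp-lan"),    # inside alice's normal pattern
    LoginEvent("bob", 3, "unknown-net"),    # odd hour and never-seen source
    LoginEvent("alice", 2, "corp-vpn"),     # odd hour, known source
    LoginEvent("carol", 10, "corp-lan"),    # user with no baseline at all
]


def build_baseline(events):
    """Per-user set of observed hours (padded by one hour either side) and sources."""
    hours = defaultdict(set)
    sources = defaultdict(set)
    for e in events:
        for h in (e.hour - 1, e.hour, e.hour + 1):
            hours[e.user].add(h % 24)
        sources[e.user].add(e.source)
    return hours, sources


def score_event(event, hours, sources):
    """Return the list of ways this event deviates from its user's baseline."""
    if event.user not in hours:
        return ["no baseline for user"]
    reasons = []
    if event.hour not in hours[event.user]:
        reasons.append("unusual hour")
    if event.source not in sources[event.user]:
        reasons.append("unseen source")
    return reasons


def find_anomalies(baseline_events, new_events):
    """Map each anomalous event to its reasons; events with no deviation are omitted."""
    hours, sources = build_baseline(baseline_events)
    result = {}
    for e in new_events:
        reasons = score_event(e, hours, sources)
        if reasons:
            result[e] = reasons
    return result


if __name__ == "__main__":
    for event, reasons in find_anomalies(BASELINE_EVENTS, NEW_EVENTS).items():
        print(f"ANOMALY user={event.user} hour={event.hour} "
              f"from={event.source}: {', '.join(reasons)}")
```

A real baseline would be learned from weeks of data and use more features than hour and source, but the shape is the same: the benchmark of normal behaviour is built first, and every event is judged against it rather than against a fixed signature.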
Defending Better with Best Practices
Cochran is a director of security engineering who secures environments every day. These are some of the defense-in-depth best practices he recommends.
Adopt a Hacker Mindset
If you want to protect your assets, don’t think like a protector, think like a hacker. To shift yourself into that mode, ask yourself these questions.
- How do you make it more difficult each step down the kill chain?
- How do you make it harder to exploit something in your environment?
- How do you make it more difficult to traverse in your environment?
- How can you strengthen things to make it more difficult to find and extract data from your environment?
- Ultimately, how do you make a hacker’s job so tough that they give up and go somewhere else?
Use Deception Ops
Cochran recommends using canaries in your environment to alert you when an unwanted person is nosing around where they shouldn’t be.
“Its only purpose is to lie in wait,” he said. “Once it's ‘touched,’ it sends a high alert to your security practitioners, letting you know that someone is in your network.” This is a deception technique that works in your favor.
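A canary only pays off if something is watching for the touch. Below is an added example (not the article's or Hacker Valley Studio's code) of the log-side half of that: a scanner that treats any reference to a planted decoy account or decoy file path as a high-severity alert, because a canary has no legitimate use and even a failed attempt to use it is a signal. The decoy names, hosts, addresses and log lines are all constructed for illustration.

```python
"""Added example: alert when a planted canary account or file path shows up in logs.
Decoy identifiers and the syslog-style lines below are constructed sample data."""
import re
from dataclasses import dataclass

# Decoy identifiers planted in the environment (constructed, hypothetical names).
CANARY_USERS = {"svc_backup_legacy", "finance_admin"}
CANARY_PATHS = {"/srv/shares/HR/payroll_2019.xlsx"}

# Constructed log lines in a syslog-like format (not real logs).
SAMPLE_LOG = """\
Mar 03 09:12:01 fs01 sshd[812]: Accepted password for alice from 10.0.4.21 port 51102
Mar 03 09:13:44 fs01 sshd[815]: Failed password for svc_backup_legacy from 10.0.9.77 port 40311
Mar 03 09:14:02 fs01 smbd[903]: user bob opened /srv/shares/Eng/design.docx
Mar 03 09:14:30 fs01 smbd[903]: user bob opened /srv/shares/HR/payroll_2019.xlsx
Mar 03 09:15:10 fs01 sshd[820]: Accepted password for bob from 10.0.4.30 port 51230
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$"
)
AUTH_RE = re.compile(r"\bfor (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)")
FILE_RE = re.compile(r"\buser (?P<user>\S+) opened (?P<path>\S+)")


@dataclass(frozen=True)
class CanaryAlert:
    timestamp: str
    host: str
    canary: str      # which decoy was touched
    actor: str       # source address or account tied to the touch
    severity: str = "HIGH"


def scan_line(line):
    """Return a CanaryAlert if the line references a decoy, else None.
    Success or failure of the access is deliberately ignored: any touch counts."""
    m = LINE_RE.match(line)
    if not m:
        return None
    msg = m["msg"]
    auth = AUTH_RE.search(msg)
    if auth and auth["user"] in CANARY_USERS:
        return CanaryAlert(m["ts"], m["host"], auth["user"], auth["src"])
    f = FILE_RE.search(msg)
    if f and f["path"] in CANARY_PATHS:
        return CanaryAlert(m["ts"], m["host"], f["path"], f["user"])
    return None


def scan_log(text):
    """Scan a whole log body and return the alerts in order of appearance."""
    return [a for a in (scan_line(line) for line in text.splitlines()) if a]


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"[{alert.severity}] {alert.timestamp} {alert.host}: "
              f"canary {alert.canary!r} touched by {alert.actor}")
```

Two details matter in practice: the decoy names must never be used by any real job (otherwise the alert drowns in false positives), and the alert should fire on the first touch rather than on a threshold, since a single reference to something that should never be referenced is the whole point of the canary.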
Strengthen Your Onboarding Procedures
Cochran also suggests that organizations work closely with vendors to maximize the utility and security of any solution in your environment.
“So often people buy solutions and those just sit around not doing what they’re supposed to be doing,” he said. “Really do some due diligence, all the way from the perimeter down to the virtual asset. If everyone did that, we’d be in a good place.”
Using defense in depth helps put you in a proactive place, rather than a reactive one. It helps organizations identify, contain and resolve incidents much more quickly.
“Defense in depth really helps when prevention is no longer possible,” Cochran said. “With defense in depth, put a focus into detection to learn when malicious things are happening. You can bring it to a close more quickly and it’s cheaper to handle.”