A Layered Approach to Defending your Network
In order to remain resilient to attack in today’s increasingly high-risk cyber landscape, companies must remain focused on protecting each and every layer of their infrastructure. This requires top-to-bottom coordination across the whole network architecture and throughout on-premises (physical), data centres (hybrid), and cloud (virtual) environments.
No matter how you choose to run your network security, be it independently or through the expertise of a managed services provider, an integrated and layered security strategy is essential. Here we discuss 6 ways in which to establish stronger enterprise security across each of the layers of your network.
Establishing a Better Defence Strategy Across the Layers of your Network:
Every business is different and will therefore choose to implement their defence strategy in their own unique way. Based on our experience however, we’ve put together a definitive list of ways you can work to improve your defence strategy in 6 effective ways:
Take the ‘P-D-C’ Approach
The P-D-C approach is the ‘Protect, Detect and Correct’ approach. But what is it exactly? Well, now more than ever, it’s crucial that businesses accept that comprehensive protection reaches across every infrastructure layer. So, in order to meet such challenges, we propose the P-D-C approach which consists of:
- Protect your network and business data
- Detect any gaps in your network security perimeter
- Correct any vulnerabilities
Apply ‘Defence-in-Depth’ Tactics
The concept of Defence in Depth (DiD) according to OWASP is that “layered security mechanisms increase security of the system as a whole”. So, should “an attack cause one security mechanism to fail, other mechanisms may still provide the necessary security to protect the system”.
So, for instance, let’s say you rely wholly on a firewall to offer security for an internal application. Yet. due to firewalls frequently being bypassed by persistent attackers, this isn’t always a good measure to rely on. Therefore, additional security mechanisms should be added to complement the protection that a firewall provides, and that address other routes of attack.
Ideally, each of the 7 layers of your Open Systems Interconnection (OSI) model, as well as the human layer, must be accounted for in your company’s Defence in Depth (DiD) approach. From Network IDS and IPS to web application firewalls, and malware analyser tools, to host level IPS with DLP, not to mention decryption and encryption etc. All must be stacked and layered from the Application Layer (Layer 7) all the way down to the Physical Layer (Layer 1) of protection.
Manage your Evolving Baseline
It’s imperative that all key participants within your ‘risk team’ agree upon the specified objectives of your defence strategy in order to execute it accordingly. By ensuring an approach whereby security testing, evaluation and analysis are regularly undertaken, as well as locking down access control across your organisation (in order to prevent users from installing unauthorised software), you’ll find targeting unusual behaviour within your company far easier, as opposed to say; taking a ticket approach to every single security alert you receive.
Monitor Network Vulnerability
Factor in all hardware and software segments, and user groups of your network into a daily, weekly, biweekly or monthly schedule, so that at least every 90 days all segments will have been patched and scanned for the latest vulnerabilities on at least one occasion.
We suggest putting together a point of contact list for each segment, so you know who is held accountable for mitigating discovered vulnerabilities and out-of-date patches. Doing so will ensure a collaborative culture of testing and developing mitigations as part of your company’s normal compliance of your company compliance exercises or audits etc.
Don’t Forget – Reporting is your Friend
Should you need to demonstrate the fact that you’re taking suitable precautions, reporting is quite simply the answer. Afterall, you can’t tell if anything’s working if you can’t report on it.
Ultimately, your reporting processes should enable you to clarify what’s wrong, prevent it from happening, resolve the problem, and finally… ensure it doesn’t happen again. To achieve this, here are four basic forms of reporting that we suggest you consider implementing:
- Management Reports i.e., which spam has been blocked, how many viruses have been caught etc.
- Technical Reports i.e., the growth in firewall CPU load etc.
- Technical Reports of Exceptions i.e., unusual internet traffic levels, viruses that succeeded app protection etc.
- Reporting of Serious Problems i.e., should a scheduled scan flag up something crucial, timely alerts can ensure you remain informed when it matters most.
Encourage Team Training and Collaboration
The best teams are collaborative with each other and continuously cross-trained as a culture. This is especially important in larger establishments with dispersed teams and various duties split across multiple areas of a business. To accomplish such a culture within your organisation, consider creating new ways of cross training your team to leverage the likes of online and virtual penetration testing, malware analysis and forensic tools.
Rethinking your Approach to Network Security…
The effect of a security breach can be crippling to the successful operations of a business. From recovering from data loss, a damaged reputation, and business interruption, the costs can often be severe, sometimes resulting in the demise of an enterprise. If you’re keen to rethink your company’s approach to network security, Rio IT can help.
As explained above, it takes a comprehensive suite of solutions to accommodate the complexities of your layered security architecture. Find out more by contacting Rio IT – our friendly team are always happy to help.