What is defense in depth? In the previous article, I defined it as an approach to protection that layers a series of defense mechanisms to safeguard valuable data and information. Consider a factory setting: would the factory's receptionist or its workers allow anyone to walk in and roam freely? No, they wouldn't, for reasons ranging from safety to the protection of intellectual property. The same thought process should be applied to your network. Although you may not be able to physically see potential threats, there should be mechanisms in place to detect them. The mindset used in securing a factory can be applied to securing your network by implementing a defense in depth strategy.
To apply the factory analogy, let's break this down a bit. Starting with access, most organizations use key cards to grant physical access to authorized areas of the factory. Translating this to network terms, how does a user gain access to the network? Assuming they are connected, they log in to a computer. Several technologies can help secure that login process. For example, Network Access Control (NAC) can determine whether the device being logged into is permitted on the network, and multi-factor authentication (MFA) confirms that the person logging in is who they claim to be.
To draw a parallel to the factory, think of MFA as a way to visually confirm a person's identity. For example, everyone on your team recognizes you when they see or talk to you. If someone else were to sit in your seat, dressed like you and pretending to be you, it should raise red flags. Similarly, when identity and access anomalies occur, your IAM (Identity and Access Management) platform should alert you. If you are using automation, the automation engine should immediately revoke access.
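As an added illustration of the "someone else in your seat" check described above (example code written for this article, not part of any IAM product), the following script scores constructed login events against a per-user baseline, alerts on any anomaly, and returns the sessions an automation engine should revoke. The event fields, the baseline table and the sample logins are all assumptions made up for the demo.

```python
from dataclasses import dataclass
# Constructed per-user baseline of "normal" (assumption for this demo).
BASELINE = {
    "alice": {"devices": {"LAPTOP-A1"}, "countries": {"US"}},
    "bob": {"devices": {"LAPTOP-B7"}, "countries": {"US", "CA"}},
}

@dataclass
class LoginEvent:
    user: str
    device_id: str
    country: str
    mfa_passed: bool
    session_id: str

def assess(event: LoginEvent) -> dict:
    """Flag anomalies for one login and decide whether to alert/revoke."""
    base = BASELINE.get(event.user)
    findings = []
    if base is None:
        findings.append("unknown user")
    else:
        if event.device_id not in base["devices"]:
            findings.append("unregistered device")  # someone else "in your seat"
        if event.country not in base["countries"]:
            findings.append("unusual location")
    if not event.mfa_passed:
        findings.append("mfa not satisfied")
    # Every finding is alerted; the higher-confidence ones also revoke access.
    revoke = any(f in findings for f in
                 ("unknown user", "unregistered device", "mfa not satisfied"))
    return {"user": event.user, "session": event.session_id,
            "alert": bool(findings), "revoke": revoke, "findings": findings}

def sessions_to_revoke(events) -> list:
    """Run the check over a batch and return the session ids to revoke."""
    return [r["session"] for r in map(assess, events) if r["revoke"]]

# Constructed sample logins (assumption): one normal, three anomalous.
SAMPLE_EVENTS = [
    LoginEvent("alice", "LAPTOP-A1", "US", True, "s-100"),
    LoginEvent("alice", "DESKTOP-X9", "US", True, "s-101"),
    LoginEvent("bob", "LAPTOP-B7", "DE", True, "s-102"),
    LoginEvent("bob", "LAPTOP-B7", "CA", False, "s-103"),
]

if __name__ == "__main__":
    print("revoke:", sessions_to_revoke(SAMPLE_EVENTS))
```

A location-only anomaly is alerted but not auto-revoked here, so a travelling user gets a human review rather than a lockout; tune that policy to your own risk tolerance.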
What if someone gained access to your network? It's crucial to identify the specific ways unauthorized users could infiltrate it. Recently, a Cisco zero-day exploit allowed unauthorized users to breach the network's front door. If this were to happen to your organization, what would the intruders be able to access, and what mechanisms are in place to stop them? This is where tools, a secure network access design, and a comprehensive plan come into play.
When considering the firewall access scenario mentioned above, it's important to ask whether you have a reliable IDS/IPS platform. When was the last time your organization conducted a red team/blue team exercise with a cybersecurity firm to test it? Ideally, your IDS/IPS should analyze, recognize, and prevent malicious activity. If it fails, what is your backup plan? Do you have basic measures in place, such as secure network design and access management?
In Part 3, we will expand the question: What if an unauthorized user has access to the network?
Missed Part 1? Read it here.
Meet the Author:
Chris Price is an experienced executive deeply committed to nurturing and empowering team members to realize their fullest potential. My passion lies in technology thought leadership, and my career has been dedicated to providing guidance and leadership in aligning technology with business objectives. In recent years, we’ve observed a significant evolution in technology, particularly in digital solutions, which have the potential to differentiate businesses and confer a competitive advantage in their respective industries. In this new era of digital business, organizations must embrace transformation. Within my team, we possess the expertise to guide organizations through the disruptions brought by digital innovations, offering innovative ideas and state-of-the-art technology to navigate these changes effectively.