Remembering Defense-In-Depth Security

One of the recurring topics in discussions with our clients is defense-in-depth security practices. As a refresher, defense-in-depth simply means a redundant, multi-tiered security architecture in which each layer of technology is independently secure. This reduces the opportunity for single points of failure and unauthorized access.

In the day-to-day rat race of patching systems, managing firewalls, developing software, meetings and so on, the big picture of security within an organization is often forgotten. Do yourself a favor and stop to think about that for a second. This is important to you, regardless of what level in the organization you are at or what role you play.

Historically, attacks have occurred primarily at the network and host levels. Hackers targeted firewalls and company networks, then found an unsecured port or unpatched system to gain further access to the internal network. Firewall and system administrators have done a great job of changing that. More often than not, the systems and firewalls we test are secure. Yet other components of the technology infrastructure still are not: web sites, wireless devices, mobile devices, and support staff, to name a few.

Today, web sites are considered the low-hanging fruit when it comes to finding a way into the network. In almost every case with our clients, we find a way into the application and, furthermore, access to the underlying data, like apples lying on the ground. Software is custom, written by humans, changed sometimes daily, and rarely tested or reviewed for security. Time to market is the primary focus in almost every situation, which means there is more room for error and less time to review the software from a security perspective.

Social engineering and physical security breaches have become another popular attack vector. It is all too common for a customer support representative to provide login credentials for a flagship application after we simply ask a few questions or make several callbacks.

In summary, the importance of a defense-in-depth methodology to the overall security of an organization cannot be emphasized enough. This effort should be championed by the company’s CSO (or an equivalent role), and a series of steps should be defined to ensure that the methodology is carried out throughout all tiers of the organization.
