Cybersecurity is a critical component of any organization or business. Threats to an organization's operations, data, and reputation evolve alongside technology. The Defense in Depth (DiD) approach is one of the most effective ways to defend against these threats.
DiD is a cybersecurity approach that layers multiple defensive methods to protect a business. Because no single security measure can guarantee that it will withstand every attack, combining multiple layers of security is more effective. This layering strategy was developed by the National Security Agency (NSA) and is based on a military tactic of the same name. Layers of defense in the military help buy time. However, in IT, this approach is intended to completely avoid an incident.
ELEMENTS OF DID
- A firewall is like a security guard for your computer. Just like a security guard checks who's coming in and going out of a building, a firewall checks the information that goes in and out of your computer. It helps protect your computer from bad guys who might want to steal your information, like hackers or viruses. It acts like a barrier between your computer and the internet, only letting in the things that are safe and keeping out the things that are not.
- Patch Management is like getting regular checkups at the doctor's office. Just like how a doctor makes sure that you're healthy and gives you medicine or vaccines if you need them, patch management ensures that your computer and its programs are healthy and protected against harmful viruses or attacks. It's a process where your computer gets updates regularly to fix any problems and keep it running smoothly and securely. By keeping your computer up-to-date, you can prevent it from getting sick and avoid problems that can be caused by viruses or hackers.
- Intrusion prevention and detection systems are like security cameras for your computer. Just like how security cameras watch for any suspicious activity in a building, intrusion prevention and detection systems watch for any suspicious activity on your computer. They help protect your computer from bad guys who might want to steal your information, like hackers or viruses. They work by monitoring the traffic coming in and out of your computer and looking for any unusual or harmful behavior. If they find anything suspicious, they alert you or take action to block the harmful activity.
- Strong passwords are like strong locks for your online accounts. Just like how you wouldn't want anyone to break into your house and steal your things, you wouldn't want anyone to break into your online accounts and steal your personal information. A strong password helps protect your accounts from hackers who might try to guess or steal your password. It's important to choose a password that's difficult to guess, like a combination of letters, numbers, and symbols, and to avoid using simple passwords like your name or date of birth. By using a strong password, you can keep your online accounts safe and secure and protect your personal information from being stolen.
- Network segmentation is similar to dividing your home into different rooms by using walls and doors. Network segmentation, like keeping your bedroom separate from your living room or kitchen, assists in keeping different parts of your computer network separate from one another. By limiting the spread of a potential breach, you can help protect your network from cyber-attacks. If a hacker gains access to one part of your system, network segmentation can prevent them from accessing other parts.
- Endpoint detection and response (EDR) works by monitoring your computer's activity, like the websites you visit and the files you download, and looking for any unusual behavior. If it finds anything suspicious, it alerts you or takes action to block the harmful activity. EDR software can help protect your computer from viruses, malware, and other types of cyber attacks.
- The principle of least privilege (PoLP) is like having a security guard at your front door who checks who is allowed to come into your house. Just like how you wouldn't want a stranger to come into your house and access your personal belongings, PoLP helps protect your computer from unauthorized access by limiting who can access different parts of your computer. It works by giving users only the minimum access and privileges they need to do their job or use the computer. This means that if a user accidentally clicks on a harmful link or downloads a virus, the virus won't be able to access other parts of the computer because the user doesn't have the necessary permissions.
How IT service providers help defend against threats
An IT service provider will help you divide DiD into three security control areas: administrative, technical, and physical.
The policies and procedures of a business refer to the guidelines and rules that govern how the business operates and how employees should conduct themselves in their roles. Administrative controls ensure that appropriate guidance is available to employees and that security policies are followed. For example, a company may have policies in place for how employees should handle sensitive customer information or how to report a potential security breach. These policies are designed to ensure that employees are aware of how to handle sensitive data and how to report any incidents that may occur.
Examples of administrative controls include hiring practices or employee onboarding protocols, data processing and management procedures, information security policies, vendor risk management, third-party risk management frameworks, and information risk management strategies. These controls help ensure that the business is operating securely and that employees are following established protocols for handling sensitive information. By implementing administrative controls, businesses can reduce the risk of data breaches and ensure that sensitive information remains protected.
Technical controls are security measures that are implemented through hardware or software to protect systems and resources. They are designed to provide a layer of defense against cyber-attacks and other security threats. Some common examples of technical controls include firewalls, configuration management, disk and data encryption, identity authentication (IAM), vulnerability scanners, patch management, virtual private networks (VPNs), intrusion detection systems (IDS), and security awareness training.
Physical controls refer to security measures that are put in place to physically limit or prevent access to IT systems. These controls are designed to prevent unauthorized physical access to sensitive information or critical systems. Some common examples of physical controls include fences, keycards/badges, CCTV systems, locker rooms, and more.