How Multilayered Security Provides the Best Defence
Effective threat identification and mitigation are the building blocks of a robust cybersecurity strategy. Inevitably, many choices are made based upon cost, complexity, suitability, and ease of implementation. However, a strategy built upon a limited range of security methods can fall short in providing an appropriate level of protection for company applications and data. A multi-layered security approach provides comprehensive cybersecurity for the way most businesses operate today.
Instinctively, multi-layered sounds better than a single-control approach, no matter how effective or amazing that control might be. Business cases, however, are not made or approved on instinct. Therefore, we must rely on numbers to evaluate the benefits of a multi-layered security strategy.
For example, if a security measure is 99.9 per cent effective, then one in 1,000 potential breaches will get through. This would be a rather ineffective control in real life, but it works for our example. To expand on this example, add a different, complementary security measure with the same level of protection. This is what we refer to as multilayered security. It might seem to follow that the potential breach success rate is one in 2,000. But because probabilities are multiplied and not added, these two “one in a thousand” chances provide a much better “one in a million” probability of a breach slipping through.
In cybersecurity, any defence deployed may stop an attack during its lifecycle. However, each solution utilised has its strengths, weaknesses and a distinct purpose, and when deployed in unison, these layered tools yield a more comprehensive security posture that is an order of magnitude more effective than a single, stand-alone deployment such as just endpoint protection. Clearly, security technologies do not come with effectiveness labels on the box. However, using simple probability maths gives any security strategy additional merit and a compelling logic that helps convince stakeholders and win executive buy-in.
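An added example (not part of the original article) that carries the “one in a thousand” arithmetic above through in Python. The function names, the `beta` parameter and the common-cause model are assumptions introduced here: the “one in a million” figure holds only when the two layers miss independently, and `beta` shows how quickly it erodes when some misses share a cause.

```python
import random
from fractions import Fraction

def combined_miss(p_miss, layers, beta=Fraction(0)):
    """Probability that an attack slips past every layer.

    p_miss : per-layer miss probability (the article's example uses 1/1000)
    beta   : assumed share of each layer's misses that come from a cause
             common to all layers (same signature feed, same blind spot).
             beta=0 is the fully independent case the article multiplies out.
    """
    p_miss, beta = Fraction(p_miss), Fraction(beta)
    common = beta * p_miss                      # one event defeats every layer
    indep = (p_miss - common) / (1 - common)    # per-layer miss otherwise
    return common + (1 - common) * indep ** layers

def one_in(prob):
    """Express a probability as 'one in N' (rounded)."""
    return round(1 / prob)

def simulate(p_miss, layers, beta, trials=200_000, seed=1):
    """Monte Carlo cross-check of combined_miss() using the same model."""
    rng = random.Random(seed)
    common = beta * p_miss
    indep = (p_miss - common) / (1 - common)
    breaches = 0
    for _ in range(trials):
        # Breach if the shared cause fires, or every layer misses on its own.
        if rng.random() < common or all(rng.random() < indep for _ in range(layers)):
            breaches += 1
    return breaches / trials

if __name__ == "__main__":
    p = Fraction(1, 1000)
    for beta in (Fraction(0), Fraction(1, 100), Fraction(1, 10)):
        print(f"beta={float(beta):.2f}: one in {one_in(combined_miss(p, 2, beta)):,}")
    exact = float(combined_miss(Fraction(1, 10), 2, Fraction(1, 5)))
    print("simulated:", simulate(0.1, 2, 0.2), "exact:", exact)
```

With two layers, a 10 per cent shared-cause share turns one in a million into roughly one in ten thousand, which is why the second control should differ in mechanism and data source from the first.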
Four ways to thwart attacks
Broadly speaking, there are four ways to thwart cyberattacks:
Protection: This type of defence, which includes most of the features of endpoint security, can be thought of in the same way that antibodies protect against infection. An attempted attack is spotted, and then an automated mitigation prevents infection and spread. That mitigation could come in the form of processes that are resistant to attacks or security measures that are triggered by predefined sets of circumstances or rules.
Detection: Here the defence measure is acting on the signs of an existing or in-progress attack. The technology knows what to look for, has visibility of those threats and, if they are found, provides an organisation with an opportunity to respond to or mitigate the attack. Without this evidence being found, the threat would go undetected and most likely succeed.
Avoidance: According to Sun Tzu, the greatest victory is that which requires no battle. Translated to the modern security world, this means that if no attack surface is presented in the first place, no (external) breach can occur: attacks are avoided by not offering malware actors anything to attack. This avoidance strategy is still far too rarely used or assessed today in the course of minimising risk for companies. On the contrary, companies are often unaware of their attack surface, and the tools that track and minimise it are seen as “nice-to-haves”.
Deflection: Much like attack surface minimising tools, deception technologies have played a niche role in enterprise security. However, they afford an incredibly powerful means to help protect any company or agency. These capabilities create an artificial attack surface and ensure that these environments/assets are heavily monitored. Deflecting the attacker this way both bolsters preventative measures and enhances detection, providing a powerful force multiplier for any security team.
By incorporating all four of these mitigation and defensive strategies, an organisation has a provably higher level of defence. Without dipping into the hackneyed “Kill Chain” analysis, avoidance reduces attacks, protection stops those that get through, deflection captures and renders safe the remainder, and detection allows an active response to those that are unmitigated. Overall, the end result is a reduction in potential and actual cybersecurity incidents.
Zero-trust and the multilayered security strategy
A multilayered security strategy can help organisations respond to an ever-increasing threat level and adapt to a changed working environment. Many cybersecurity strategies that historically relied on protecting perimeters are having to be reassessed. Remote working, a trend that has been accelerated by the pandemic, is one of the shifts that security professionals are reacting to.
Accordingly, many businesses are moving to a zero-trust environment in which the networks between the user and the application are treated as ‘plumbing’ – they are no longer trusted environments. Traditionally, when employees are given access to the entire network, instead of just the application itself, the network and all other resident applications are at additional risk. This issue has become acute since increasing numbers of homeworkers brought about a widening of the corporate IT estate, which now includes a higher number of corporate and personal devices as well as residential access points.
Zero trust enhances security while easing user access. By taking an architectural approach in which software-defined policies, not networks, securely connect the right user to the right app or service, a single secure platform sits between users and the internet, inspecting all traffic and applying multilayered security for the highest level of protection.
Zero-trust improves and replaces the conventional network security model, and many enterprises are beginning to recognise the importance of fast access to applications when it comes to employee satisfaction in IT, irrespective of whether these applications are hosted on the internet, in private clouds, or in a data centre.
A lot of companies are becoming increasingly aware of the need to protect their devices, systems, and data assets through a multi-pronged approach to cybersecurity. This can be achieved without adding unneeded complexity or introducing friction for end-users. Inevitably, more and more security processes take place within the cloud, the site of application access. Multilayered security provides the best form of defence because it is proactive on multiple levels—avoiding, detecting, and protecting against cyberattacks and preventing the harm they cause.