Defense In Depth
Defense in depth is defined as the layered security throughout an information technology (IT) system. A defense in depth system uses independent security methods that are tactically layered for a comprehensive approach to information assurance (IA). Currently, many organizations configure their environments to keep intruders out of their systems by practicing proper defense in depth.
Analysts have recently observed that social engineering toolkits are the first approach intruders take to penetrate a network. Intruders go after "low hanging fruit" to gain escalated privileges on internal networks and wreak havoc.
Since networks change constantly due to patch updates and product deployments, systems are constantly put at risk for possible new vulnerabilities; practicing defense in depth decreases the likelihood of an adversary having the ability to successfully bypass a full stack of internal layered alerts and defenses.
Within the Violet platform's Playbook interface is a list of benign real-world attack simulations. Violet's Playbook also lets users integrate custom text and files, so they can reduce false positives and gauge how efficiently their internal defenses respond.
The list below displays a few techniques that have become standard in the creation of an organization's threat modeling process. Threat modeling can augment IT systems that leverage proper defense in depth. Intruders often change their approach when attacking, but their intent to steal or lock sensitive information has remained consistent.
- Uncovering Vulnerabilities
- Documenting Threats
- Identifying Threats
- Rating Threats based on Impact
Once an administrator understands an adversary's mission objectives, threat modeling initiatives can give insight from the intruder's perspective. Defenders can then evaluate controls and optimize policies to leverage defense in depth. This gives an organization a chance to prioritize threats while evaluating each specific threat's economic and reputational impact on the organization's business continuity plans.
Because Threatcare provides the template for mock exploit traffic, administrators can rate threats for risk based on their current defensive capabilities. This ultimately shows what information an organization is able to protect, and which controls will efficiently buy time against, or prevent, the consequences of a successful breach.
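To make the "rating threats based on impact" step and the layered-defense argument above concrete, here is an added example (not code from the Threatcare post or the Violet platform). It treats each defensive layer as an independent control with an estimated bypass probability, computes the chance that an attacker gets past the whole stack, and ranks threats by residual risk (likelihood × bypass chance × impact). The threat names, layer names and all probabilities and impact scores are constructed for illustration; in practice the bypass estimates would come from observed detection rates, for instance from attack simulations like the ones the post describes.

```python
"""Added example: scoring threats against a stack of independent defensive layers.

Not code from the original post. Threat names, layers and all numbers below are
constructed estimates for illustration only.
"""
from dataclasses import dataclass, field, replace
from typing import List


@dataclass(frozen=True)
class Layer:
    name: str
    bypass_probability: float  # 0..1: estimated chance an attacker defeats this layer


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: float          # 0..1: chance the attack is attempted in the period
    impact: int                # 1..5: business impact if the attack fully succeeds
    layers: List[Layer] = field(default_factory=list)


def bypass_all_probability(layers: List[Layer]) -> float:
    """Probability that every layer is bypassed, assuming the layers fail independently.

    With independent layers the probabilities multiply, which is the quantitative
    reason a deep stack of controls lowers the chance of a full bypass.
    """
    p = 1.0
    for layer in layers:
        if not 0.0 <= layer.bypass_probability <= 1.0:
            raise ValueError(f"bypass probability out of range for {layer.name!r}")
        p *= layer.bypass_probability
    return p


def residual_risk(threat: Threat) -> float:
    """Likelihood of attempt x chance of full bypass x impact."""
    return threat.likelihood * bypass_all_probability(threat.layers) * threat.impact


def rank_threats(threats: List[Threat]) -> List[Threat]:
    """Highest residual risk first: the prioritisation step of threat modeling."""
    return sorted(threats, key=residual_risk, reverse=True)


def with_added_layer(threat: Threat, layer: Layer) -> Threat:
    """Return a copy of the threat with one more layer, so a proposed control can be evaluated
    without mutating the original register entry."""
    return replace(threat, layers=threat.layers + [layer])


# --- constructed sample threat register ---------------------------------------
PHISHING = Threat(
    "Phishing with malicious attachment", likelihood=0.9, impact=4,
    layers=[Layer("Email filtering", 0.3),
            Layer("User awareness training", 0.5),
            Layer("Endpoint detection", 0.4)],
)
WEB_SERVER = Threat(
    "Unpatched web server exploit", likelihood=0.6, impact=5,
    layers=[Layer("Web application firewall", 0.4),
            Layer("Patch management", 0.5)],
)
LOST_LAPTOP = Threat(
    "Lost unencrypted laptop", likelihood=0.2, impact=3,
    layers=[Layer("Full-disk encryption", 0.05)],
)
SAMPLE_THREATS = [PHISHING, WEB_SERVER, LOST_LAPTOP]


if __name__ == "__main__":
    for t in rank_threats(SAMPLE_THREATS):
        print(f"{t.name:36s} bypass={bypass_all_probability(t.layers):.3f} "
              f"residual risk={residual_risk(t):.3f}")
    # Evaluate a proposed extra layer for the top-ranked threat.
    improved = with_added_layer(WEB_SERVER, Layer("Network segmentation", 0.5))
    print(f"Adding segmentation cuts web server risk from "
          f"{residual_risk(WEB_SERVER):.3f} to {residual_risk(improved):.3f}")
```

The multiplication is only valid when the layers fail independently; two controls that share a failure mode (for example, two products that both rely on the same signature feed) should be modelled as one layer, otherwise the computed bypass probability is optimistic. The ranking order, not the absolute numbers, is what feeds the prioritisation discussion.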