Defense In Depth

Defense in depth is layered security applied throughout an information technology (IT) system. A defense in depth system uses independent security methods that are tactically layered for a comprehensive approach to information assurance (IA). Currently, many organizations configure their environments to keep intruders out of their systems by practicing proper defense in depth.

Analysts have recently found that social engineering toolkits are the first approach intruders take to penetrate a network. Intruders go after “low-hanging fruit” to gain escalated privileges on internal networks and wreak havoc.

Because networks change constantly through patch updates and product deployments, systems are constantly put at risk of new vulnerabilities. Practicing defense in depth decreases the likelihood that an adversary can successfully bypass a full stack of internal layered alerts and defenses.

Threatcare, the leader in Proactive Data Security, offers the Threatcare Suite. The Suite is an Enterprise SaaS that acts as a virtual purple team. The Threatcare Suite can execute BAS (Breach and Attack Simulations) as well as a wide variety of other simulations to test your defense in depth from a browser-based platform.

Threat Modeling

The list below shows a few techniques that have become standard in the creation of an organization's threat modeling process. Threat modeling can augment IT systems that leverage proper defense in depth. Intruders often change their approach when attacking, but their intent to steal or lock sensitive information has remained consistent.

  • Uncovering Vulnerabilities
  • Documenting Threats
  • Identifying Threats
  • Rating Threats based on Impact   

Once an administrator understands an adversary's mission objectives, threat modeling initiatives can give insight from an intruder’s perspective. Defenders can then evaluate controls and optimize policies to leverage defense in depth. This gives an organization a chance to prioritize threats while evaluating each threat's economic and reputational impact on the organization’s business continuity plans.

Because Threatcare provides the template for mock exploit traffic, administrators can rate threats for risk based on their current defensive capabilities. Ultimately, this shows what information an organization is able to protect, and what controls will efficiently buy time from and/or prevent the consequences of a successful breach.