By: Markus Witcomb
Sometimes it seems like everybody talks about “layered security”, “layered defense”, or “defense in depth”, but nobody really knows what it means. The three phrases are often used interchangeably — but just as often, someone will use two of them to mean completely different things. There are actually two separate, but in some respects very similar, concepts that may be named by these phrases.
A layered approach to security can be implemented at any level of a complete information security strategy. Whether you are the administrator of only a single computer, accessing the Internet from home or a coffee shop, or the go-to guy for a thirty thousand user enterprise WAN, a layered approach to security tools deployment can help improve your security profile.
In short, the idea is an obvious one: that any single defense may be flawed, and the most certain way to find the flaws is to be compromised by an attack — so a series of different defenses should each be used to cover the gaps in the others’ protective capabilities. Firewalls, intrusion detection systems, malware scanners, integrity auditing procedures, and local storage encryption tools can each serve to protect your information technology resources in ways the others cannot.
Security vendors offer what some call vertically integrated vendor stack solutions for layered security. A common example for home users is the Norton Internet Security suite, which provides (among other capabilities):
Corporate vendors of security software are in an interesting position. In order to best serve their business goals, they must on one hand try to sell integrated, comprehensive solutions to lock customers into single-vendor relationships, and on the other, try to sell components of a comprehensive layered security strategy individually to those who are unlikely to buy their own integrated solution — and convince such customers that a best-of-breed approach is better than a vertically integrated stack approach to do it.
The term “layered security” does not refer to multiple implementations of the same basic security tool. Installing both ClamWin and AVG Free on the same MS Windows machine is not an example of layered security, even if it achieves some of the same benefit — making several tools each cover for the others’ failings. This is a case of redundancy rather than layering; by definition, layered security is about multiple types of security measures, each protecting against a different vector for attack.
Originally coined in a military context, the term “defense in depth” refers to an even more comprehensive security strategy approach than layered security. In fact, one might say that just as a firewall is only one component of a layered security strategy, layered security is only one component of a defense in depth strategy.
Defense in depth, by contrast, arises from a philosophy that there is no real possibility of achieving total, complete security against threats by implementing any collection of security solutions. Rather, technological components of a layered security strategy are regarded as stumbling blocks that hinder the progress of a threat, slowing and frustrating it until either it ceases to threaten or some additional resources — not strictly technological in nature — can be brought to bear.
You can’t block blended attacks by blocking every channel an attacker might use without sealing off your business from the outside world. And solutions that monitor and block malware on single channels are only partially effective, because:
With blended attacks, protection comes from correlation and analysis: this email appeal links to that fake website on that botnet, and so on, taking into account the code’s origin, history, structure, behavior, vector, target, and more. It’s a challenge for global multinationals and even governments to maintain defenses like these, and for a small or mid-size business, it’s economically impossible.
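The correlation idea above, sketched as an added example (not code from this article or from any vendor it mentions). The event fields, the sample records and the `BOTNET_IPS` feed are constructed assumptions; each signal on its own is weak, and only the email-to-website-to-botnet chain is ranked high.

```python
from urllib.parse import urlsplit

# Constructed sample events (not real data): reserved .example names and
# documentation IP ranges. Field names are assumptions for this sketch.
EMAILS = [
    {"to": "alice", "subject": "Invoice overdue",
     "url": "http://billing-portal.example/login"},
    {"to": "bob", "subject": "Team lunch",
     "url": "https://intranet.example/menu"},
]
WEB = [
    {"user": "alice", "host": "billing-portal.example", "dst_ip": "203.0.113.7"},
    {"user": "bob", "host": "intranet.example", "dst_ip": "192.0.2.10"},
    {"user": "carol", "host": "cdn.example", "dst_ip": "203.0.113.7"},
]
BOTNET_IPS = {"203.0.113.7"}  # hypothetical reputation feed


def correlate(emails, web, botnet_ips):
    """Join the email and web channels on (user, host) and add IP reputation.

    A clicked email link alone is normal behaviour, and a hit on a listed IP
    alone may be shared hosting; both together form the blended chain.
    """
    linked = {}
    for msg in emails:
        host = urlsplit(msg["url"]).hostname
        if host:
            linked[(msg["to"], host.lower())] = msg["subject"]

    findings = []
    for req in web:
        signals = []
        if (req["user"], req["host"].lower()) in linked:
            signals.append("email_link")
        if req["dst_ip"] in botnet_ips:
            signals.append("botnet_ip")
        if signals:
            findings.append({
                "user": req["user"],
                "host": req["host"],
                "signals": signals,
                "severity": "high" if len(signals) == 2 else "low",
            })
    # High-severity (correlated) findings first; order is otherwise preserved.
    return sorted(findings, key=lambda f: f["severity"] != "high")


if __name__ == "__main__":
    for finding in correlate(EMAILS, WEB, BOTNET_IPS):
        print(finding)
```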
The advent of cloud computing turns the economics on its head. SaaS routes all of a business’s inbound and outbound email and Web traffic through a provider’s network of high-performance data centers. The provider scans, tests, and then blocks, quarantines, or forwards the traffic using infrastructure, skills, and processes few businesses could afford on their own, and does it all outside its clients’ business networks.
Multi-layer corporate and small business internet security makes sense in the cloud, because the costs of infrastructure, bandwidth, and expertise can be shared across clients—and so can the information needed to correlate and block blended attacks.
Qaist IT provide vertically integrated solutions to protect your network, data and users with enterprise-grade solutions that integrate layered corporate and small business internet security, data-protection, data management, and policy management in the cloud.