Defense-in-depth: Understanding and adapting security for the modern threat landscape

Learn more about closing gaps in security by integrating and layering solutions.

April 25 2024 by

Jesus Vigo

The industry has come a long way from the days of a standalone computer for each office employee, weighing approx. 20-30 lbs. and taking up the majority of the space atop the desk. A heap of wires resembling a rat’s nest connected it to a litany of accessories, like multiple monitors, input devices, a printer and, of course, a connection to the LAN. Most if not all of the resources users needed to stay productive resided in a combination of local storage and network shares located physically on-premises. Threat actors looking to compromise devices or gain unauthorized access to sensitive data had many flaming hoops to jump through to succeed in this endeavor.

Advancements in mobile technology signaled to users and organizations alike that how work was accomplished was ready to change.

And it did.

Welcome to the modern landscape

Mobile devices, like smartphones and tablets, including wearables of all types, are used personally and professionally by employees in many aspects of their day-to-day. From task management to increasing efficiency to working from anywhere wirelessly – multiple mobile technologies are used by individuals at the same time to do more with less.

…but evolution didn’t just transform how we work.

Threat actors changed their tactics too, adapting to productivity changes by evolving threats and attacks to increasingly target users and the enterprise. By converging threats, finding novel ways to deliver malicious payloads and exploiting vulnerabilities in mobile technologies that employees use outside the organization's security umbrella, they have made attacks far more sophisticated. In turn, this means threats are not just harder for end users to spot but much more difficult for security professionals to defend against.

“As we’ve come to realize, the idea that security starts and ends with the purchase of a prepackaged firewall is simply misguided.” – Art Wittmann

Today, threats come from every angle.

They target all device types and operating systems and are deployable over any network connection. On a global level, no user is safe – every connection attempt or access request presents a possible risk of compromise.

The shift to mobile devices and cloud-based technologies continues to erode the network perimeter.

A layered security approach is the only way to truly protect enterprise resources.

Aligning best practices to your organizational needs

In our defense-in-depth guide, one of the important aspects we touch upon is the role the four C’s play in your overarching defense plan’s ability to close security gaps. Going beyond simply protecting resources, “they work together to maximize efficacy while minimizing challenges.”

The four C’s and what they mean for modern enterprise security:

  • Consistency: Treating all endpoints that access resources the same, regardless of form factor, device type, OS or ownership model.
  • Compliance: Aligning business practices, processes and workflows with best practices, governed by standards and frameworks (non-regulated industries), or regulatory requirements (regulated industries).
  • Consolidation: Merging IT and Security professionals into one cohesive team while also integrating cybersecurity architectures and processes.
  • Cost savings: Choosing solutions that integrate to best address your organization's unique needs on its path to compliance.

“There are risks and costs to a program of action — but they are far less than the long range cost of comfortable inaction.” – John F. Kennedy

Holistic approach to cybersecurity

Management + Identity + Security = Best security.

“The best security happens when it becomes part of people’s daily routines.” – Bruce Schneier

“Best” in this context does not subjectively describe a specific product or vendor, but rather an effective approach to how security should be carried out: not as a trivial afterthought, an inconvenient restriction that slows down productivity or a frustrating obstacle to work around, but as a seamless practice that occurs naturally within users’ workflows. As Schneier suggests, “It should be ingrained in our routines and habits.”

The user-level interaction, of course, stems from a greater, effective defense-in-depth strategy that combines:

The resulting integration yields comprehensive protections that are layered deep within the security stack to mitigate threats at multiple levels. All this, while simultaneously extending security to users and all the:

  • Device types
  • Operating systems
  • Architectures
  • Apps and services
  • Network connections

they use to access data resources across your infrastructure.
