Defense-in-depth: One size does not fit all

Defense-in-depth security strategies are the key to protecting your enterprise against the modern threat landscape. Continue learning more about closing gaps in security by identifying risks and mitigating them holistically.

May 9, 2024 by Jesus Vigo


At 72%, there’s no denying that Windows owns the largest share of the desktop computer market globally. This majority is reflected by enterprise security solution providers, which have historically put Windows first and foremost in how their solutions are developed and marketed. In the global market for mobile OS, Android leads the pack with 70%, followed by Apple at just over 29%.

In the previous blog in the defense-in-depth series, we discussed how the modern threat landscape continues to evolve, impacting organizations’ approach to cybersecurity. Coupled with the widespread adoption of mobile technologies in the enterprise, the explosive growth of mobile devices has created an overarching gap in endpoint security for both company-issued and personally-owned devices that access, process and store organizational resources and data.

If mobile operating systems account for almost as much market share as their desktop counterparts, why are organizations’ security plans still led by a mostly Windows-centric strategy?

Put another way, most enterprise users work on one computer but use a global average of 3.6 mobile devices per person. Ask yourself: how effective is a cybersecurity plan that focuses on protecting just desktop computers while leaving the risks of mobile device security unchecked?

A glitch in the Matrix

While the ubiquity of mobile devices was the spark that ignited the growth of mobile usage globally, mobile adoption for work has certainly contributed to a paradigm shift in endpoint security. But it hasn’t done so alone; other impactful changes include:

  • where users work physically
  • varying ownership models
  • multiple device types
  • differing operating systems
  • migration to cloud-based services

“I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail.” — Abraham Maslow

The quote above, also known as Maslow’s hammer, refers to the Law of the Instrument. In short, it is a cognitive bias based on over-reliance on a familiar tool. This is in stark opposition to the conventional cybersecurity wisdom that recommends multiple protections in a defense-in-depth strategy for comprehensive, layered threat defense. Those protections extend across your entire infrastructure, forming a holistic security plan that accounts for the impactful changes that define the dynamic work environments of today.


Greater than the sum of its parts

Earlier we showed desktop and mobile OS as two distinct figures to highlight how market share doesn’t make a good barometer for where cybersecurity development should focus. It’s important to note, however, that when it comes to threat actors and administrators, no distinction is made between vulnerable devices running a desktop OS and those running a mobile OS.

Vulnerable is vulnerable, period.

It should be noted that risk doesn’t make such a distinction either, with many of the same risks leaving devices of any type or running any OS open to compromise.

Converged threats are the grouping of two or more threat types by bad actors to create sophisticated threats that are difficult to detect and harder to protect against. Consider the example of a threat actor that delivers the following payload to an unsuspecting user’s device, resulting in a data breach:

  1. An SMS message with a link to click on relating to a password-related problem (social engineering).
  2. Upon clicking on the link, the payload performs two actions: delivering a malicious code exploiting a vulnerability in the endpoint (malware); and a prompt for the user’s credentials on a phishing website.
  3. The malicious code compromises the device and gains access to other resources throughout the enterprise network (lateral movement).
  4. Combined with obtaining the user’s credentials, exploiting vulnerabilities provides threat actors with greater access (privilege escalation).
  5. Having stepped through the device to compromise other resources across the network, the threat actor copies sensitive data and uses it as the basis for extortion, among other attack escalations (data exfiltration).

At each step in the attack, the threat actor utilized a distinct threat type that — when chained together — made detection, prevention, mitigation and/or remediation of the converged threat more lethal while simultaneously making it exponentially more difficult to stop.

Sadly, there is no silver bullet solution to stop converged threats. The best defense is a solution made up of multiple protections to mitigate each phase of the attack.

What is the best practice to mitigate multiple levels of risk?

The answer is a layered cybersecurity strategy.

Allow me to use a comic book reference to illustrate. In the Marvel movie The Eternals, the titular heroes faced a threat that was far stronger than any single Eternal. While they were each powerful in their own right, this threat easily overcame them individually until they converged their strengths using the Uni-Mind. With this tool, their strengths were combined and their weaknesses minimized, providing them the edge necessary to defend Earth.

Applying that to cybersecurity threats: by layering protections, even if a threat evades detection at one layer, the multiple layers above and below it are positioned to mitigate it, effectively preventing the attack from succeeding.
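To make the layering argument concrete, here is an added example (not code from the original post or from the author) that treats the five-stage converged threat described above as a correlation problem: each security layer (SMS filtering on the MDM, web proxy, EDR, authentication logs, identity management, DLP) reports its own alert, and a small correlator chains alerts from distinct layers for the same user inside a time window. The telemetry, source names, stage mapping and thresholds are all constructed assumptions for illustration. Note that the EDR line records `exploit_blocked=false`, i.e. that layer saw the malware stage but did not stop it, yet the chain is still flagged because the surrounding layers observed the other stages.

```python
"""
Added example: correlate single-layer alerts into a converged-threat chain.
All log lines, source names, stage mapping and thresholds are constructed for
illustration and are not from any real product or from the original post.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping from the layer that raised an alert to the attack stage it
# is positioned to observe (mirrors the five-stage example in the post).
STAGE_BY_SOURCE = {
    "mdm_sms": "social_engineering",
    "web_proxy": "phishing",
    "edr": "malware",
    "auth": "lateral_movement",
    "iam": "privilege_escalation",
    "dlp": "data_exfiltration",
}

# Constructed sample alerts, one per line, already normalised to:
# "<ISO timestamp> <source> <user> <device> <free-form detail>"
SAMPLE_EVENTS = """\
2024-05-09T08:01:10 mdm_sms alice iphone-17 sms_link_open host=reset-passw0rd.example
2024-05-09T08:01:42 web_proxy alice iphone-17 credential_post host=reset-passw0rd.example
2024-05-09T08:02:05 edr alice iphone-17 exploit_blocked=false process=webview
2024-05-09T08:09:30 auth alice fileshare-02 ntlm_logon src=iphone-17
2024-05-09T08:15:12 iam alice fileshare-02 group_add group=Domain-Admins
2024-05-09T08:40:00 dlp alice fileshare-02 outbound_bytes=734003200 dest=203.0.113.7
2024-05-09T09:10:00 web_proxy bob laptop-04 credential_post host=hr-benefits.example
2024-05-09T12:30:00 auth bob laptop-04 ntlm_logon src=laptop-04
"""


def parse_events(text):
    """Parse normalised alert lines into dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, user, device, *detail = line.split()
        events.append({
            "time": datetime.fromisoformat(ts),
            "source": source,
            "user": user,
            "device": device,
            "detail": " ".join(detail),
            "stage": STAGE_BY_SOURCE.get(source, "unknown"),
        })
    return sorted(events, key=lambda e: e["time"])


def correlate(events, window=timedelta(hours=2), min_stages=3):
    """Return {user: [stages in order]} for every user whose alerts from
    distinct layers fall inside `window` and cover at least `min_stages`
    different attack stages. A lone alert from one layer never qualifies;
    a chain across layers does, even if one layer failed to block."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    chains = {}
    for user, evs in by_user.items():
        best = []
        # Slide a window starting at each alert and collect distinct stages.
        for i, start in enumerate(evs):
            stages = []
            for e in evs[i:]:
                if e["time"] - start["time"] > window:
                    break
                if e["stage"] not in stages:
                    stages.append(e["stage"])
            if len(stages) > len(best):
                best = stages
        if len(best) >= min_stages:
            chains[user] = best
    return chains


def layers_that_missed(events, user):
    """Stages where a layer saw the activity but reported it did not block it
    (constructed convention: the detail carries 'blocked=false')."""
    return [e["stage"] for e in events
            if e["user"] == user and "blocked=false" in e["detail"]]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for user, stages in correlate(evs).items():
        print(f"converged threat for {user}: {' -> '.join(stages)}")
        print(f"  layers that saw but did not block: {layers_that_missed(evs, user)}")
```

Running it flags alice with the full six-stage chain while bob, whose two single-layer alerts are hours apart, produces no chain alert; the `min_stages` and `window` parameters are the knobs a defender would tune against their own false-positive rate.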
