New threats evade traditional security barriers
On-premises mitigation appliances and enterprise datacentres are quickly overwhelmed by high-volume attacks. Once attack traffic arrives at your internet uplink you have to absorb all of it; if the link or the appliance saturates, the battle is lost before any filtering can take place.
Because of this limitation, a multi-layered defence is recommended, which usually means blocking attack traffic upstream, in the cloud, before it reaches your network.
The protection you currently have in place may well be provided by on-premises hardware. Given how the threat landscape is changing, an additional cloud-based layer of defence, one that can scale to absorb the largest attacks, is increasingly necessary.
Companies lacking multi-layer protection can suffer costly damage from attacks that penetrate the perimeter without being detected. IT decision makers are well aware of this and increasingly show a lack of confidence in their current ability to prevent and mitigate malicious activity. According to IDG Research, only 30% are very confident that their IT can block malicious activities, only 17% are confident that the organisation can accurately predict gaps in its IT infrastructure, and only 19% are confident in IT's detection capabilities.
The basic premise of multi-layered security is that no single network security control is 100% effective. This holds for any technology, because every solution has its own strengths and weaknesses. Without multiple layers in place, network security is a gamble, particularly at its weakest points. For example, if an email with a malicious attachment reaches a user, you are betting on that user making the right decision about whether to open the attachment or report the message as spam.
Enter multi-layered security
The best approach is to layer multiple, best-of-breed technologies on top of each other. This approach delivers multiple layers of defence, which have different strengths and weaknesses, making it harder for an attacker to get all the way through to your data.
"Multiple layers of defence is the concept of having your data or infrastructure in the middle, with rings of security protection around them."
A multi-layer strategy delivers what today's threat environment demands. A spam filter can stop emails with malicious attachments from reaching users in the first place. A web filter can keep users away from websites seeded with exploits. You might have these filters in place to stop users from downloading exploits, but if those layers fail, and in some cases they will, you want anti-malware scanning of the code and executables, and potentially a sandbox in which to detonate them and observe their behaviour.
Take note: multiple layers built on the same underlying technology or hardware put you right back at risk. You do not actually get a multi-layered defence, because every one of those layers shares the same weaknesses, the same gaps and the same holes for attackers to exploit. A useful test is whether each layer would still catch a payload that was specifically crafted to get past the layer in front of it.
True multi-layered security, which is the industry-accepted approach, means seriously considering best-of-breed cloud-based technology alongside what you already run.
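To make the independence argument concrete, here is an added example (not code from the original article) of a small attachment-screening pipeline. Each layer uses a different method, so a payload engineered to slip past one check is still caught by another: an executable renamed to invoice.pdf passes the file-name layer but fails the content-type layer, while a macro-enabled Office document passes both and is caught only by structural inspection of the container. The attachments, the MIME mapping and the function names are constructed for this example.

```python
"""Layered e-mail attachment screening with deliberately different detection methods.

Added example; the sample attachments below are constructed and not real malware.
"""
import io
import zipfile
from typing import Optional

# Layer 1: file-name policy.  Blind spot: an attacker simply renames payload.exe.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".ps1", ".hta", ".com"}


def check_extension(filename: str) -> Optional[str]:
    lower = filename.lower()
    for ext in EXECUTABLE_EXTENSIONS:
        if lower.endswith(ext):
            return f"executable extension {ext}"
    return None


# Layer 2: content-type check against the declared MIME type.
# Blind spot: a structurally valid document that is malicious by content.
MAGIC_BY_MIME = {  # constructed subset for the example
    "application/pdf": b"%PDF",
    "application/zip": b"PK\x03\x04",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document": b"PK\x03\x04",
}


def check_magic(declared_mime: str, data: bytes) -> Optional[str]:
    if data.startswith(b"MZ"):  # PE header, whatever the file claims to be
        return "PE executable header (MZ) regardless of declared type"
    expected = MAGIC_BY_MIME.get(declared_mime)
    if expected and not data.startswith(expected):
        return f"content does not match declared type {declared_mime}"
    return None


# Layer 3: structural inspection of OOXML containers for embedded VBA.
# Blind spot: carriers that are not Office documents.
def check_office_macro(data: bytes) -> Optional[str]:
    if not data.startswith(b"PK\x03\x04"):
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "malformed zip container"
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        return "embedded VBA project (vbaProject.bin)"
    return None


LAYERS = (
    ("extension", lambda a: check_extension(a["name"])),
    ("magic", lambda a: check_magic(a["mime"], a["data"])),
    ("office_macro", lambda a: check_office_macro(a["data"])),
)


def screen_attachment(attachment: dict) -> dict:
    """Run every layer; quarantine if any one of them objects."""
    findings = {}
    for layer_name, fn in LAYERS:
        reason = fn(attachment)
        if reason:
            findings[layer_name] = reason
    return {"name": attachment["name"], "quarantine": bool(findings), "findings": findings}


def build_docm_with_macro() -> bytes:
    """Constructed OOXML-shaped zip containing a (placeholder) VBA project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


DOCX_MIME = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"

# Constructed sample attachments (name, sender-declared MIME type, bytes).
SAMPLES = [
    {"name": "invoice.pdf", "mime": "application/pdf", "data": b"%PDF-1.7\n% constructed"},
    {"name": "invoice.pdf", "mime": "application/pdf", "data": b"MZ\x90\x00" + b"\x00" * 28},
    {"name": "update.scr", "mime": "application/octet-stream", "data": b"MZ\x90\x00"},
    # Sender declares a plain document; the container says otherwise.
    {"name": "report.docm", "mime": DOCX_MIME, "data": build_docm_with_macro()},
]


def screen_all(samples=SAMPLES):
    return [screen_attachment(s) for s in samples]


if __name__ == "__main__":
    for verdict in screen_all():
        print(verdict)
```

Run it and note which layer produces each finding: the renamed executable and the macro document are each caught by exactly one layer, and a different one in each case. Three copies of the extension check would have caught neither.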
Effective defence measures
What is important to understand is that these are not clearly distinct and isolated layers of security, but layers which integrate, intersect and mutually reinforce one another. Applying and integrating a new layer improves and further bolsters the layers beneath it.
Identity and Access Management: Controls the use of data and protects its circulation. It identifies who has the right to access which systems and data (and across which devices) – often with features such as single sign-on and multi-factor authentication.
Data Loss Prevention: The means of identifying and preventing unwanted leakage or loss of data, by blocking content or placing it in quarantine for review and clean-up.
Classification & Secure Archiving: Labelling and securely storing confidential or sensitive data, such as customer and transactional records, supports compliance with regulation and company policy, and is often a feature of data loss prevention tools.
File Encryption: Encrypting sensitive data before it leaves the network, without impeding its use by authorised recipients.
Secure File Sharing: User-driven collaboration and third-party file sharing, with synchronisation and distribution kept under IT-controlled access policies.
Network Monitoring & Analysis: By deploying an analysis engine together with sensors throughout the network, IT can evaluate suspicious objects, identify concealed threats which have already penetrated, and maintain a real-time view of incoming threats. Analysis can lay out vulnerabilities, diagnose them and produce a roadmap for bolstering network protection.
Next-Gen Firewalling: Intelligent differentiation between valid and compromised traffic, and protection against known and unknown threats such as malware, through intrusion prevention, application and user visibility, TLS (SSL) inspection, DNS and web filtering.
Sandboxing: Sophisticated malware bypassing traditional security is caught and detonated in a controlled and isolated environment for analysis and increased threat protection.
Patch Management: Strong system configuration and patch management capabilities help eliminate vulnerabilities quickly and maintain tight control over software throughout the network.
VPN: Encrypts traffic between the network and remote users or sites, so that data passing over untrusted networks cannot be read or altered in transit.
Threat Detection: To spot suspicious activities or objects which are engineered for invisibility, security administrators should leverage threat detection. Threats are isolated and studied and integrated solutions can automate rollback to reverse any damage to systems or data.
Threat Analysis: Anomalies and suspicious behaviour are analysed to improve the prediction and identification of threats for mitigation. Presenting findings with their context helps analysts weed out false positives.
Threat Protection: Automated analysis of traffic observed worldwide to discern malicious from non-malicious files. Machine learning supports threat intelligence within the network by flagging suspicious activity even when the particular exploit is unknown, at the cost of some false positives that still need human review.
Backup & Recovery: In the event that a malicious object such as ransomware succeeds in executing, administrators also need rollback capabilities to keep systems and data intact. Backups should be encrypted, and at least one copy should be kept offline or immutable so that the same ransomware cannot encrypt or delete it.
Endpoint Protection: Endpoints are secure when IT has firm control over devices and the applications on them, and enforces data policies for removable media and devices. Theft or loss of mobile devices can be remedied with remote lock and wipe.
Web Protection: By securing mail and internet gateways, IT can automatically detect malware, isolate threats, and keep users off watering-hole sites. Serving company websites over TLS (HTTPS) with valid certificates prevents interception and tampering of sensitive information in transit; the certificate authenticates the site, and the encrypted session protects the data.
Email Protection: Inbound and outbound protection so that only the intended recipient can read message contents, with features such as anti-spam, anti-phishing and anti-malware filtering.
The traditional security tools used by many organisations may be effective within their reach, but most defence strategies have gaps which leave networks exposed to today's threats. To keep an organisation protected, IT leaders must deploy a multi-layer security solution that combines prevention, detection and remediation in one manageable whole.
Cloud specialist focusing on AWS, GCP and automation with many years of operational experience. Certified AWS Solution Architect as well as AWS SysOps.