Defense in Depth
Are you still relying on the strategy of building a castle with a moat to isolate your network and protect data? Advances in gunpowder made castles obsolete, and the castle-and-moat approach to security has likewise been overtaken; you must adopt a new security mindset. Your cyber defense strategy should mimic the integumentary and immune systems, which provide innate and adaptive immunity.
The integumentary system provides innate immunity by forming a physical barrier that prevents invasion by infectious organisms. The first line of defense is the skin. A second line of defense is the blood-brain barrier, which protects the vital and highly sensitive nervous system. The integumentary system also gathers information about the environment through various sensors. The immune system developed specialized cells to monitor different tissues of the body and recognize different types of bacteria and viruses, mounting a sophisticated defense to isolate and remove the harmful organisms.
- Use firewalls to protect the network boundaries – both internal and external.
- Segment the network into multiple layers and protect access through strong identity and access management.
- Group traffic and determine different rules for each type of traffic, e.g., email.
- Control the exfiltration of data.
- Use signature-based endpoint monitoring to identify and isolate known attacks.
- Subscribe to threat intelligence and evolve defenses as new threats emerge.
The immune system also provides adaptive immunity. Each new threat encountered trains the immune system to recognize and quickly respond to a pathogen. Immunizations train the immune system to recognize and respond to future threats.
- Assume breach and perform threat hunting.
- Baseline normal activities and search for anomalies; do not exclusively rely on signature-based detection systems.
- Think like an attacker, and defend accordingly.
- Just as autoimmune diseases can attack the body, privileged and internal users can be a threat to your system and data.
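
The advice above to baseline normal activity rather than rely only on signatures, shown as an added example that is not part of the original article: each account is scored against its own history of outbound data volume, next to a fixed-threshold rule that misses the same event. The account names, volumes and threshold are constructed, and median/MAD scoring is one common choice, not a method the article prescribes.

```python
from statistics import median

# Constructed sample data: (user, day, outbound megabytes). Not real telemetry.
HISTORY = [
    ("alice", d, mb) for d, mb in enumerate([120, 135, 110, 128, 140, 125, 131])
] + [
    ("svc-backup", d, mb)
    for d, mb in enumerate([5200, 5100, 5350, 5280, 5150, 5300, 5225])
]
TODAY = [("alice", 7, 2400), ("svc-backup", 7, 5400)]

# Hypothetical signature-style rule: one fixed threshold for every account.
SIGNATURE_THRESHOLD_MB = 6000

def build_baseline(history):
    """Return {user: (median, MAD)} computed from historical daily volumes."""
    per_user = {}
    for user, _day, mb in history:
        per_user.setdefault(user, []).append(mb)
    baseline = {}
    for user, values in per_user.items():
        med = median(values)
        baseline[user] = (med, median(abs(v - med) for v in values))
    return baseline

def modified_z(value, med, mad):
    """Modified z-score; 0.6745 scales MAD to be comparable to a std deviation."""
    if mad == 0:
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def find_anomalies(history, today, cutoff=3.5):
    """Flag accounts whose volume today deviates from their own baseline."""
    baseline = build_baseline(history)
    flagged = []
    for user, _day, mb in today:
        if user not in baseline:
            flagged.append((user, mb, "no baseline"))  # unseen account: review
            continue
        score = modified_z(mb, *baseline[user])
        if abs(score) > cutoff:
            flagged.append((user, mb, round(score, 1)))
    return flagged

def signature_hits(today, threshold=SIGNATURE_THRESHOLD_MB):
    """Accounts caught by the fixed threshold alone."""
    return [user for user, _day, mb in today if mb > threshold]

if __name__ == "__main__":
    print("baseline anomalies:", find_anomalies(HISTORY, TODAY))
    print("signature hits:    ", signature_hits(TODAY))
```

The fixed threshold has to sit above the backup service's routine volume, so it cannot see a user account moving roughly twenty times its usual amount; the per-account baseline flags that account while leaving the backup service alone.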