Why one size does not fit all
It used to be that enterprises would fall victim to vendor lock-in, and had no choice but to use certain security components provided by that vendor. For example, the common way to provide a VPN solution is to use a firewall as a VPN gateway. The problem in this instance is that it's the same appliance, which means if the appliance has a security issue, both the firewall and the VPN will be affected. However, if enterprises are using a different vendor for the VPN and firewall, that inherently adds another layer of security because remote access to the corporate network must be authorized by two components rather than one.
An enterprise's employees are connecting to the corporate network from a wide range of devices, locations and connection mediums, and complementary technologies can play a role here, too, in keeping networks secure. Some organizations are leveraging a hybrid VPN, which enables either SSL or IPsec connections to networks, depending on the situation. For example, many hotel Wi-Fi networks can be finicky when users attempt to establish an IPsec connection. Recognizing this, a hybrid VPN can utilize SSL to connect instead. With the two protocols working together, employees are able to connect from anywhere via a secure network connection. And as another example of defense in depth, forward-looking VPN vendors are taking remote access security a step further by creating solutions that combine the two methods to provide a second layer of encryption for all network communications.
Even so, a hybrid VPN is not a standalone security solution. A defense in depth framework will also include important network and security components such as robust anti-malware and anti-virus solutions, a firewall and intrusion prevention systems (IPS). Combining best-of-breed security solutions from a variety of vendors adds multiple layers of network defense.
Could such a framework have mitigated the threat of Heartbleed? Perhaps. What we do know beyond a reasonable doubt is that using a defense in depth strategy makes it substantially more difficult for cyber criminals to obtain sensitive information, which will keep users and data protected, no matter the threat.