Defense-in-depth is often viewed as the castle walls that provide an effective cyber defense for an enterprise. It’s commonplace for enterprises today to fashion their security architecture around multiple layers of security by purchasing countless security tools ranging from firewalls to user behavioral analytics. Enterprises still face breaches and malicious attacks despite using these tools. This raises the question: are more tools needed or should a completely different approach be considered?
The correct answer is the latter. Defense-in-depth has fostered a troubling false sense of security—many enterprises have become too reliant on it as their deus ex machina cybersecurity solution, leaving them vulnerable to brand-new threats. That’s because the mass proliferation of disparate enterprise security technology now connected to corporate networks creates silos that are more advantageous to hackers. This has significantly expanded the potential attack surface and created gaping holes in the castle walls.
Attackers are leveraging these gaps by targeting the easiest way in and working their way through the network. From malware on HVAC systems to distributed denial of service (DDoS) attacks utilizing video cameras, one single point of entry can lead to a far wider attack on an enterprise’s entire network. The security landscape has not only become easier to penetrate for these hackers but it has also become more costly to an enterprise. A single ransomware attack can incur thousands of dollars in ransom costs and potentially result in millions of dollars in business disruption costs.
Combating these new types of attacks requires going back to the drawing board and rethinking defense-in-depth as a cybersecurity solution. New threats and expanding attack surfaces from cloud to IoT require new strategies. Emerging IoT technologies are putting more devices online than ever before, with more than 30 billion devices online by 2020. This means more new devices will be introduced than there were in the first 20 years of the Internet era combined. Many of these new devices are increasingly developed with specialized operating systems specific to each device and closed to integrations. That makes vulnerabilities harder to understand and creates more entry points than imaginable. The network perimeter is increasingly disappearing as organizations access devices in the cloud and users connect to cloud-based environments from disparate locations. All it takes is one single crack for a hacker to slip in and wreak havoc.
With so many devices and tools in a network, visibility is paramount. In Forrester Research’s Fail to Plan, Plan to Fail report, 70% of IT staff surveyed were highly confident their IoT network was secure, but a mere 18% were confident they could fully identify all the devices on their network. At its core, defense-in-depth needs to encompass both visibility and continuous monitoring. After all, you can’t secure what you can’t see. Without insight and visibility, the veritable castle walls of cyber defense will continue to have gaping holes and attackers will continue to leap through these holes and storm the castle.
While enterprises thought that creating more layers of defense by using more security tools would keep them safe from these types of threats, the problem is that these tools often do not and cannot communicate with each other. This lack of integration hampers IT security teams as they have no comprehensive view into all of their security solutions. Compounding this are the scarcity of cyber talent and the operational impact IT faces from having so many tools: upgrades, content upgrades, and swivel chair work. According to an Ernst and Young survey, 70% of enterprises surveyed said they require up to 25% more funding for cybersecurity, with the other 30% saying they required even more. Enterprises need to better leverage and extract value from existing tools rather than simply opening their wallet. When security tools integrate and communicate with each other, it builds higher defense walls that make the castle that much harder for hackers to breach. Putting it all together, the odds are increasingly stacked against the efficacy of defense-in-depth in its current state and the protection it can actually provide.
Smart organizations are already taking note and rectifying defense-in-depth’s shortcomings. According to research from ESG, 26% of enterprises are engaged in a project to automate and orchestrate security operations. In order for defense-in-depth to make sense as a viable cybersecurity solution today, work needs to be done on fortifying the castle walls to stand tall against today’s ever-changing threat landscape. As hackers and attacks grow in frequency, sophistication and impact, so too must defense-in-depth be re-evaluated and revamped to keep enterprises safe and secure. Technology may help significantly but the castle walls of cyber defense are also built by having proper processes and policies in place from the start.