Building a Multi-layered Cybersecurity Defense

Tuesday, Sep 14, 2021

BY: Team Nuspire

It takes more than one knight to defend a castle. You need different layers of defense with different characteristics to stop a wide range of threats. These include a drawbridge, a moat, and stone walls, not to mention marksmen with crossbows stationed along its ramparts.  

The same is even more true of your company’s infrastructure, especially given technology developments over the last two decades. Today, a single firewall at the perimeter is no longer enough. Your infrastructure extends beyond the edge of your network, covering the cloud, connections with supplier and customer systems, and, increasingly, connections from devices you don’t own running on home networks that you don’t control. You’re no longer just defending a castle; you’re protecting an entire realm.  

A wide array of risks and defenses  

Today’s more complex cybersecurity landscape has produced more defenses to cope with proliferating risks. These protections act at various points in your infrastructure, covering functions including anti-phishing and content scanning services.  

Some tools protect you from intruders both at the edge of your citadel and inside it. Identity and access management systems shield your resources from external compromise while also locking down internal access to thwart intruders that make it past your perimeter.  

Intrusion detection and prevention systems can look for suspicious traffic inside the network and in many cases contain it automatically. Endpoint protection is also imperative for protecting devices both inside and outside your network.  

This multi-layered approach to defense, also known as defense in depth, spans more than just technology. It also includes people, whom you must train to be aware of security issues. You can achieve this with cybersecurity awareness programs that emphasize a ‘say something if you see something’ mentality.

Finally, security must extend from the cyber world into the physical one. Protecting your assets from physical compromise means concentrating on the physical security of your facilities.  

Evaluating risks  

Organizing these defenses is daunting. Deciding which to focus on first means assessing your priorities. What ‘crown jewels’ do you want to protect and where are they? What outcomes – such as business uptime, protecting customer data, and compliance – are most important to you?  

Use questions like these to identify and prioritize the risk to your immediate castle, and to the realm further beyond. These risks often include employees, who may represent a malicious or unwitting threat. They might include regional or industry-specific regulations that introduce a compliance risk. They also include the technology you’re using.  

Technology risks include both knowns and unknowns. On the known side are exploits that have already been patched by vendors. Unknown risks include new hacking techniques and zero-day exploits that vendors haven’t yet seen.  

Lining up your defenses  

Having assessed the risks, it’s time to find the weaknesses in your armor that could render you vulnerable to them. This is the beginning of a gap analysis that will help you get from the security architecture you have to the one you need.  

Some common weaknesses include a lack of visibility into your infrastructure, which is often due to siloed environments that develop organically over time. Monitoring tools can help to overcome that problem.  

Once you’ve gathered that data, analytics technology can fill another frequent gap in enterprise defenses: understanding. Security information and event management (SIEM) tools will help you to log and understand the output from your monitoring tools and enable you to derive operational intelligence from it in real time.

One type of intelligence is a picture of what’s normal. Many companies lack the ability to spot abnormal traffic or user activities. Proper traffic and behavioral analytics can establish baselines for normality, making it easier to spot suspicious signals.  

The importance of incident response  

When this data highlights an urgent security incident, many companies lack another important defense: a comprehensive incident response policy. This is a non-negotiable part of any layered defense, and is itself multi-faceted, including steps ranging from containment to mitigation and recovery. It requires technical expertise but also draws on other disciplines, including legal, customer service, and communications.  

With these requirements in mind, a robust incident response plan includes directions for team members spanning the entire organization, who must be trained and ready to execute them quickly while working together as part of a cohesive unit. Playbooks with response plans for different incident types can help here, as can automated response measures where technology allows.  

Nuspire excels in helping clients to create multi-layered defenses. Our expertise spans technologies from the core of the enterprise network to the endpoint. View our webinar on multi-layered defense, which includes a download link for our incident response template.