Not everyone understands that managed_security_layered_approach_clip_image002network security isn’t just about one specific issue. As a result, many end up not taking the required action to secure their networks. Some businesses believe that investing in an antivirus solution will cover every base.  Some wouldn’t even go that far as they’d think that a good firewall can prevent anything bad from entering the business network. If only they knew how wrong they are.

Security is a complex subject that affects a multitude of systems. A firewall will not prevent malware from reaching the network through email or a mobile device an employee attaches to your network. Nor will anti-virus software stop an employee from divulging sensitive information because s/he fell victim to a phishing email. And it doesn’t even stop there. The sad reality is that even in the event that one does cover every base, it would still not guarantee 100% security. Why? Security is a continuous war between security professionals and malicious hackers. Sometimes hackers find issues security professionals aren’t even aware of and, until those issues are discovered and fixed, hackers have a free pass through security defenses.

What can be done about this? 

The answer is layered security. Take a Russian doll. You open one and you find another and then another. Here you have multiple lines of defences. If an attacker can get through one layer of security by exploiting a particular unfixed vulnerability, they are then faced with another security layer.

Imagine are a victim of a targeted malware attack. The attacker writes a custom application designed to search your hard drive for documents and upload them to his/her machine. Let’s assume this software is written in such a way to avoid detection by anti-virus’ heuristic analysis technology.

Scenario 1: In a company that uses a single layer of protection, the attacker simply needs the victim to download and execute the malicious file. The anti-virus will not stop this attack because no anti-virus signature database will have signatures for custom-made malware and the malicious software itself does nothing that triggers the heuristic analysis. In this scenario the attacker can easily bypass what is usually a last line of defence, that is, the antivirus.

Scenario 2: In a company that has implemented multi-layered security, the attacker will be faced with a challenge. On the one hand, email protection software will intercept and quarantine emails that include executables. On the other hand, Internet monitoring software will detect and stop web pages that try to use exploits which run software without user interaction. The security controls in Internet monitoring software might also trigger reputation warning if the make-shift website includes suspicious elements. Even using a clever social engineering attack – such as leaving an infected USB stick in the organization’s parking lot for an innocent employee to pick up and plug into their workstation – would fail as you’d have endpoint security software in place that would prevent the use of unauthorized USB sticks, as well as block executables from running.

No security setup is infallible – nothing can ever change that; but by employing a layered security system you can ensure that the failure of one layer will not mean the failure of the entire security system.

Leave a comment