Welcome to another post from the blog, where we dive into all things cybersecurity and help each other on our journey to becoming cybersecurity professionals. Today, we’ll be discussing Defence in Depth, a crucial aspect of maintaining a strong security posture.
Note: this post is based on TryHackMe’s Advent of Cyber 2022 event, day 23, which covers Defence in Depth.
Introduction
Defence in Depth is a more comprehensive topic in security compared to the ones we have covered previously on the channel. The concept is based on the idea that there is no single defence mechanism that can protect an organization from all security threats.
In the past, organizations have focused on securing their perimeter, much like the castle walls in medieval times. However, this approach is not enough in today’s modern world, where attackers are constantly finding new ways to breach even the strongest of defences.
The modern approach to defensive security focuses on disrupting the adversary’s objectives, securing everything in their path, and having a well-rounded defence layer in place.
This includes securing the perimeter, having multiple layers of internal security measures, and having the capability to detect and respond to attacks effectively.
Disrupting Adversarial Objectives
There are three levels of defence in modern cybersecurity. The first level focuses on securing the perimeter with firewalls, DMZs, and other preventative measures. The second level keeps these measures and adds internal security controls such as network segmentation, zero trust, and least-privilege access.
The third level goes full circle, incorporating the benefits of the first two levels, and ramping up the detection and response capability of the organization. This includes effective log collection and well-crafted analytics, ensuring that the organization is not only good at preventing attacks, but also capable of responding to them if they bypass the defensive capabilities.
Scenario
Let’s consider a scenario where an adversary has successfully breached the perimeter defences through a spear-phishing campaign. In a well-rounded defensive organization, the adversary would need to navigate a hardened environment filled with tripwires and traps.
Even if they were able to take over a specific user’s account, they would be limited in their actions because the principle of least privilege restricts that account to only what its role requires.
Even if the adversary were able to move laterally to another user with better privileges, they would still face multiple layers of internal security measures, making it difficult for them to reach their ultimate goal. This is where the importance of having a well-rounded defence layer comes into play.
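To make the second and third levels concrete, here is an added example (not part of the original post or of TryHackMe’s material) that runs two defensive checks over a handful of constructed logon events: a least-privilege allow-list per role, and a detection analytic that flags one account reaching several distinct hosts within a short window, which is the kind of lateral movement the scenario above describes. The host names, roles, user names and log format are all assumptions invented for the example.

```python
"""Layered-defence analytic over constructed logon events (added example).

Layer 2 (least privilege): each role may only reach an allow-listed set of
hosts; any logon outside that list is a policy violation.
Layer 3 (detection and response): a user reaching many distinct hosts in a
short window is flagged as possible lateral movement, even when every
individual logon succeeded.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines in a simple key=value format (not real data).
SAMPLE_LOG = """\
2022-12-23T09:00:12 user=alice src=FIN-WS01 dst=FIN-FILE01 action=logon
2022-12-23T09:01:40 user=alice src=FIN-WS01 dst=HR-FILE01 action=logon
2022-12-23T09:02:05 user=alice src=FIN-WS01 dst=DC01 action=logon
2022-12-23T09:03:30 user=alice src=FIN-WS01 dst=IT-WS07 action=logon
2022-12-23T09:15:00 user=bob src=IT-WS07 dst=DC01 action=logon
2022-12-23T10:30:00 user=carol src=HR-WS02 dst=HR-FILE01 action=logon
"""

# Hypothetical least-privilege policy: role -> hosts that role may log on to.
ROLE_ALLOWED_HOSTS = {
    "finance-user": {"FIN-WS01", "FIN-FILE01"},
    "hr-user": {"HR-WS02", "HR-FILE01"},
    "it-admin": {"IT-WS07", "DC01", "FIN-FILE01", "HR-FILE01"},
}
# Hypothetical user-to-role mapping.
USER_ROLES = {"alice": "finance-user", "bob": "it-admin", "carol": "hr-user"}


@dataclass(frozen=True)
class LogonEvent:
    time: datetime
    user: str
    src: str
    dst: str
    action: str


def parse_log(text: str) -> list[LogonEvent]:
    """Parse key=value log lines into LogonEvent objects, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append(LogonEvent(datetime.fromisoformat(stamp), kv["user"],
                                 kv["src"], kv["dst"], kv["action"]))
    return sorted(events, key=lambda e: e.time)


def policy_violations(events: list[LogonEvent]) -> list[LogonEvent]:
    """Layer 2: logons to hosts outside the user's role allow-list.

    An unknown user has no role and therefore no allowed hosts, so every
    logon by such a user is reported (fail closed)."""
    violations = []
    for e in events:
        allowed = ROLE_ALLOWED_HOSTS.get(USER_ROLES.get(e.user, ""), set())
        if e.dst not in allowed:
            violations.append(e)
    return violations


def lateral_movement_alerts(events: list[LogonEvent],
                            window: timedelta = timedelta(minutes=10),
                            threshold: int = 3) -> dict[str, list[str]]:
    """Layer 3: flag a user who logs on to >= threshold distinct hosts within
    `window`. Returns {user: sorted hosts seen in the first offending window}."""
    by_user: dict[str, list[LogonEvent]] = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)
    alerts = {}
    for user, evs in by_user.items():
        for i, start in enumerate(evs):
            hosts = {x.dst for x in evs[i:] if x.time - start.time <= window}
            if len(hosts) >= threshold:
                alerts[user] = sorted(hosts)
                break
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for v in policy_violations(evs):
        role = USER_ROLES.get(v.user, "<unknown>")
        print(f"POLICY  {v.time} {v.user} -> {v.dst} not permitted for role {role}")
    for user, hosts in lateral_movement_alerts(evs).items():
        print(f"LATERAL {user} reached {len(hosts)} hosts within 10 min: {', '.join(hosts)}")
```

Run as a script, the policy check reports three of alice’s logons (HR-FILE01, DC01 and IT-WS07 are outside the finance role’s allow-list), and the detection rule raises a single lateral-movement alert for alice, because her account touched four distinct hosts inside ten minutes. The two checks are deliberately independent: even if the allow-list were misconfigured and let those logons through, the analytic over collected logs would still surface the behaviour, which is the point of having the third level alongside the first two.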
Conclusion
Defence in Depth is a crucial aspect of maintaining a strong security posture. The modern approach focuses on disrupting the adversary’s objectives, having multiple layers of defence in place, and the capability to detect and respond to attacks effectively.
By following this approach, organizations can ensure that they are better prepared to face the constantly evolving threat landscape.
Thank you for reading and stay tuned for more posts on the journey to Cybersecurity Professionalism.