Medieval castles stood as impregnable fortresses for generations, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart: a multi-layered approach with strategic redundancy and a blend of passive and active security controls.
However, the evolving cyber threat landscape can challenge even the most fortified defenses. Despite the widespread adoption of the Defense-in-Depth strategy, cyber threats persist. Fortunately, the Defense-in-Depth strategy can be augmented using Breach and Attack Simulation (BAS), an automated tool that assesses and improves every security control in each layer.
Defense-in-Depth: False Sense of Security with Layers
Also known as multi-layered defense, the defense-in-depth strategy has been widely adopted by organizations since the early 2000s. It is based on the assumption that adversaries must breach multiple defense layers to compromise valuable assets. Since no single security control can provide foolproof protection against the wide array of cyber threats, defense-in-depth has become the norm for organizations around the world. But if every organization uses this strategy today, why are security breaches still so common?
Ultimately, the primary reason is a false sense of security from the assumption that layered solutions will always function as intended. However, organizations should not put all their faith in multi-layered defenses; they must also stay up to date against new attack vectors, possible configuration drifts, and the complex nature of managing security controls. In the face of evolving cyber threats, unsubstantiated trust in defensive layers is a security breach waiting to happen.
Perfecting the Defense-in-Depth Strategy
The defense-in-depth strategy promotes using multiple security controls at different layers to prevent and detect cyber threats. Many organizations model these layers around four fundamental layers: Network, Host, Application, and Data Layers. Security controls are configured for one or more layers to maintain a robust security posture. Typically, organizations use IPS and NGFW solutions at the Network Layer, EDR and AV solutions at the Host Layer, WAF solutions at the Application Layer, DLP solutions at the Data Layer, and SIEM solutions across multiple layers.
Although this general approach applies to nearly all defense-in-depth implementations, security teams cannot simply deploy security solutions and forget about them. In fact, according to the Blue Report 2023 by Picus, 41% of cyber attacks bypass network security controls. Today, an effective security strategy requires a solid understanding of the threat landscape and regular testing of security controls against real cyber threats.
Harnessing the Power of Automation: Introducing BAS into the Defense-in-Depth Strategy
Understanding an organization's threat landscape can be challenging due to the vast number of cyber threats. Security teams must sift through hundreds of threat intelligence reports daily and decide whether each threat might target their organization. On top of that, they need to test their security controls against these threats to assess the performance of their defense-in-depth strategy. Even if organizations could manually analyze each intelligence report and run a traditional assessment (such as penetration testing and red teaming), it would take far too much time and too many resources. Long story short, today's cyber threat landscape is impossible to navigate without automation.
When it comes to security control testing and automation, one particular tool stands out among the rest: Breach and Attack Simulation (BAS). Since its first appearance in Gartner's Hype Cycle for Threat-Facing Technologies in 2017, BAS has become a valuable part of security operations for many organizations. A mature BAS solution provides automated threat intelligence and threat simulation for security teams to assess their security controls. When BAS solutions are integrated with the defense-in-depth strategy, security teams can proactively identify and mitigate potential security gaps before malicious actors can exploit them. BAS works with multiple security controls across the network, host, application, and data layers, allowing organizations to assess their security posture holistically.
LLM-Powered Cyber Threat Intelligence
When introducing automation into the defense-in-depth strategy, the first step is to automate the cyber threat intelligence (CTI) process. Operationalizing hundreds of threat intelligence reports can be automated using deep learning models like ChatGPT, Bard, and LLaMA. Modern BAS tools can even provide their own LLM-powered CTI and integrate with external CTI providers to analyze and track the organization's threat landscape.
Simulating Attacks in the Network Layer
As a fundamental line of defense, the network layer is often tested by adversaries with infiltration attempts. This layer's security is measured by its ability to identify and block malicious traffic. BAS solutions simulate malicious infiltration attempts observed 'in the wild' and validate the network layer's security posture against real-life cyber attacks.
Assessing the Security Posture of the Host Layer
Individual devices such as servers, workstations, desktops, laptops, and other endpoints make up a significant portion of the devices in the host layer. These devices are often targeted with malware, vulnerability exploitation, and lateral movement attacks. BAS tools can assess the security posture of each device and test the effectiveness of host layer security controls.
Exposure Assessment in the Application Layer
Public-facing applications, like websites and email services, are often the most critical yet most exposed parts of an organization's infrastructure. There are countless examples of cyber attacks initiated by bypassing a WAF or by a benign-looking phishing email. Advanced BAS platforms can mimic adversary actions to ensure security controls in the application layer are working as intended.
Protecting Data Against Ransomware and Exfiltration
The rise of ransomware and data exfiltration attacks is a stark reminder that organizations must protect their proprietary and customer data. Security controls such as DLPs and access controls in the data layer secure sensitive information. BAS solutions can replicate adversarial techniques to rigorously test these protection mechanisms.
Continuous Validation of the Defense-in-Depth Strategy with BAS
As the threat landscape evolves, so must an organization's security strategy. BAS provides a continuous and proactive approach for organizations to assess every layer of their defense-in-depth strategy. With proven resilience against real-life cyber threats, security teams can trust their security controls to withstand any cyber attack.
Picus Security pioneered Breach and Attack Simulation (BAS) technology in 2013 and has helped organizations improve their cyber resilience ever since. With Picus Security Validation Platform, your organization can supercharge its existing security controls against even the most sophisticated cyberattacks. Visit picussecurity.com to book a demo or explore our resources like the "How Breach and Attack Simulation Fits Into a Multi-layered Defense Strategy" whitepaper.
To grow your understanding of evolving cyber threats, explore the Top 10 MITRE ATT&CK techniques and refine your defense-in-depth strategy. Download the Picus Red Report today.
Note: This article was written by Huseyin Can Yuceel, Security Research Lead at Picus Security, where simulating cyber threats and empowering defenses are our passions.