We are in an age of massive disruption driven by technological advances, with organizations going the extra mile to keep up with technology. Many organizations hold critical assets, in the form of data, that have to be secured in order to maintain their position as the customer’s choice and to comply with the regulations that apply to them. There is no “one-size-fits-all” security measure that an organization can implement to close all of its cybersecurity gaps; hence the use of a layered security approach.
“Layered security is the implementation of multiple security controls to secure the organization’s assets. Layered security is about multiple types of security measures, each protecting against a different vector for attack.”
The goal of layered security is to increase the effectiveness of the security controls in place through a defensive strategy that features multiple defensive layers designed to slow down an attacker. A series of different defenses is used to cover the gaps in the others’ protective capabilities.
Last year was characterized by massive cyber attacks such as WannaCry, NotPetya, and the crucial Equifax breach, which affected about 143 million individuals. Organizations now acknowledge that cybersecurity is not an IT issue but an organization-wide issue, with each individual having a critical role to play. According to Morgan Steve of CSO online, “Cyberattacks are on the rise with cybercrime damage costs to hit $6 trillion annually by 2021.”
Organizations can implement multiple security controls to achieve optimum confidentiality, integrity, availability, authentication, and nonrepudiation, and to increase their strength against known and unknown attacks.
A mixture of administrative, physical, and logical controls is implemented across the different communication layers for a hardened environment.
Below are some of the administrative, logical, and physical security controls that organizations can have in place to increase the security of the environment:
Perimeter Security Controls
- Have strong perimeter security controls by implementing firewalls that act as the first line of defense, monitoring traffic to and from the environment and blocking any malicious traffic. Some firewall brands have a built-in Intrusion Detection System module that raises alerts when malicious traffic is detected. For standalone firewalls, an Intrusion Detection/Intrusion Prevention System (IDS/IPS) can be implemented separately to monitor incoming traffic and raise alerts according to the signatures defined. When implementing these devices, it is prudent to avoid a Single Point of Failure and to deploy redundant devices so that the core devices remain highly available.
- Have a demilitarized zone (DMZ) that works as a small, isolated network positioned between the Internet and the private network, where any service being provided to users on the external network can be placed. This also gives the organization extra time to detect and address breaches before they penetrate further into the internal networks.
- Use VPNs for remote connections.
Internal Network Security
Several controls are implemented around the internal network, including:
- Segregate the internal network into VLANs that isolate traffic within the Local Area Network.
- Implement anti-virus programs to effectively prevent, detect, and remove malware. The anti-virus program should be monitored and updated regularly according to the organization’s procedures, keeping in mind advanced malware behaviors (such as polymorphism).
- Use strong, approved encryption algorithms so that information is not transmitted in clear text, where it is prone to interception.
- Disable clear-text services such as Telnet and FTP, and replace them with secure alternatives (such as SSH).
- Use secure channels for remote management of network devices.
- Disable any unnecessary services on the network, as they increase the attack surface of an environment.
- Block all unnecessary ports on the network devices.
- Hash passwords rather than storing them in clear text.
- Enable secure logging, monitor the logs, and review them frequently.
- Carry out information security training for staff to build a cyber-aware culture. The Insider Threat Report of 2018 showed that 56% of insider threats were by regular employees, 55% by users with privileged access, and 42% by third-party contractors.
- Implement Identity and Access Management processes to manage user access assignment, monitoring, review, and revocation. This ensures that proper processes and procedures are in place for principles such as Least Privilege, Need to Know, and Segregation of Duties.
- Use Multi-Factor Authentication to minimize the chances of users being impersonated.
- Document processes, procedures, and guidelines in policy documents that define the minimum requirements the organization adheres to. These policy documents are broken down into procedure documents that list the steps to be followed to complete key tasks in the environment, so that such activities are standardized and follow the same process.
- Define a proper patch management process to ensure a standardized, defined procedure for applying patches to the systems in the environment. The patch management process includes procedures on how to download the patches, test them in a defined test environment, and push them to the live environment.
- Develop a change management process with procedures on how to identify the requirement for a change, initiate a change request, approve the change, test it, and implement it. The use of standard procedures ensures that an anomaly is easy to detect.
- Implement physical security controls such as deadlock doors to bar staff from piggybacking, CCTV for monitoring, and motion sensors to detect any motion during unexpected
- Use vulnerability scanners to scan the environment frequently and proactively for known and even unknown weaknesses.
- Implement a Security Information and Event Management (SIEM) process to collect and aggregate log data produced throughout the organization’s technology infrastructure.
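The logging and SIEM controls in the list above are about more than collecting logs: the value comes from correlating events from many hosts in one place. The Python example below is added here to illustrate that point and is not code from the original article. It parses a handful of constructed sshd log lines from two hosts, counts failed logins per source address across all hosts within a time window, and raises an alert when the combined count crosses a threshold, plus a higher-severity alert when a successful login follows that burst. The log lines, hostnames, IP addresses (from documentation ranges), threshold and window are all constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample: two web hosts forwarding sshd logs to a central collector.
# Each host alone sees only 2 or 3 failures from 203.0.113.5, but the combined
# view shows a sustained attempt followed by a successful login.
SAMPLE_LOG = [
    "Mar  3 10:15:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2",
    "Mar  3 10:15:09 web02 sshd[1402]: Failed password for invalid user admin from 203.0.113.5 port 51030 ssh2",
    "Mar  3 10:15:20 web01 sshd[2214]: Failed password for root from 203.0.113.5 port 51041 ssh2",
    "Mar  3 10:15:31 web02 sshd[1407]: Failed password for root from 203.0.113.5 port 51055 ssh2",
    "Mar  3 10:15:44 web02 sshd[1409]: Failed password for deploy from 203.0.113.5 port 51060 ssh2",
    "Mar  3 10:16:02 web02 sshd[1411]: Accepted password for deploy from 203.0.113.5 port 51071 ssh2",
    "Mar  3 10:17:30 web01 sshd[2230]: Failed password for alice from 198.51.100.7 port 40012 ssh2",
    "Mar  3 10:17:41 web01 sshd[2231]: Accepted publickey for alice from 198.51.100.7 port 40012 ssh2",
]

# Matches the OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" form.
SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<event>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line: str) -> Optional[dict]:
    """Return a structured event, or None for lines this parser does not cover."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {
        # Syslog timestamps carry no year; strptime defaults it, which is fine
        # for computing intervals within one day's worth of sample data.
        "ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),
        "host": m.group("host"),
        "event": m.group("event").lower(),
        "user": m.group("user"),
        "src": m.group("src"),
    }


def failures_per_host(lines: List[str]) -> Dict[Tuple[str, str], int]:
    """What each host sees on its own: failed logins keyed by (host, source)."""
    counts: Counter = Counter()
    for ev in filter(None, map(parse_line, lines)):
        if ev["event"] == "failed":
            counts[(ev["host"], ev["src"])] += 1
    return dict(counts)


def detect_brute_force(lines: List[str], threshold: int = 4,
                       window_seconds: int = 600) -> List[Tuple[str, str, object]]:
    """Aggregated view: failures per source across all hosts in a sliding window."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    recent_failures: Dict[str, List[datetime]] = defaultdict(list)
    alerts: List[Tuple[str, str, object]] = []
    already_alerted = set()
    for ev in events:
        src, now = ev["src"], ev["ts"]
        # Keep only failures that fall inside the window ending at this event.
        recent_failures[src] = [
            t for t in recent_failures[src]
            if (now - t).total_seconds() <= window_seconds
        ]
        if ev["event"] == "failed":
            recent_failures[src].append(now)
            if len(recent_failures[src]) >= threshold and src not in already_alerted:
                alerts.append(("brute_force", src, len(recent_failures[src])))
                already_alerted.add(src)
        elif len(recent_failures[src]) >= threshold:
            # A success right after a burst of failures is the event worth paging on.
            alerts.append(("success_after_failures", src, ev["user"]))
    return alerts


if __name__ == "__main__":
    print("per-host view:", failures_per_host(SAMPLE_LOG))
    for alert in detect_brute_force(SAMPLE_LOG):
        print("ALERT", alert)
```

Run stand-alone, the per-host view reports only 2 failures on web01 and 3 on web02 from the same source, each below the threshold of 4, while the aggregated detector raises a brute-force alert on the fourth combined failure and a second alert when the subsequent "Accepted password" event arrives. That gap between the per-host and aggregated views is the case for centralised logging and review that the list above makes.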
Data is today’s gold, so organizations cannot rely on a single approach to address all the security risks. Proper implementation of security controls ensures that the controls work in harmony with one another.
About the Author:
Esther Wafula is a Senior Cybersecurity Consultant with Ernst and Young, Wellington, New Zealand. She holds a Computer Engineering degree from Kenyatta University and is CEH, CISA, CISM, and ITILv3 certified. She is passionate about information security and has experience in vulnerability assessment and penetration testing, with a strong focus on infrastructure security. She has worked across multiple sectors in East Africa and is currently based in Wellington, New Zealand.
Disclaimer: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of EC-Council.
4. Schulze, H. (2018). Insider Threat report 2018.