Where does the concept of Defense in Depth play into your org’s cybersecurity strategy? What are you doing practically to integrate that?


4.9k views, 4 Upvotes, 15 Comments

Director of IT in Education, 5,001 - 10,000 employees
This question requires a long explanation, but in a nutshell, it is implemented in the Risk Management Framework (NIST RMF). It is a layered protection at every step of the RMF.
1
Director - IT Infrastructure - Databases and eBusiness Specializing in Information Technology in Retail, 1,001 - 5,000 employees
We have a risk management team and they use multiple tools to mitigate the risk at different levels. We have multiple layers to support it.
1 1 Reply
Director of IT in Education, 5,001 - 10,000 employees

Absolutely, the RMF (NIST) is a sound framework; it took us a while to implement, but it is a very good layered protection process. Every step in the framework has tasks that helped to protect the organization. The framework is managed by the Risk Team, which flows through the RMF 7-step process.

Senior Information Security Manager in Software, 501 - 1,000 employees
You can’t do information security right unless you use defense in depth, as just one layer of security, such as a firewall, is incomplete security.

People understand this intuitively at the physical level. They have a lock on their door, then a lock on their room, then a lock for their valuables.

Doing defense in depth means assuming the previous layer has failed and that you need the next set of layers to protect the organization.
2
Director of Network Transformation, Self-employed
It's a must, but also consider all the SaaS applications out there. Your data is not behind the castle walls anymore. Interested in how DiD plays out in SaaS and Cloud. Thoughts?
1 Reply
Director of IT in Education, 5,001 - 10,000 employees

Put your sensitive data and critical information assets in an enclave, and only allow authorized IT access via firewall and two-factor authentication for user access.

Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
As a CISO, the concept of Defense in Depth is a fundamental component of our organization's cybersecurity strategy. Defense in Depth refers to implementing multiple layers of security controls to protect against various threats and potential vulnerabilities. It ensures that if one layer is breached, additional layers are in place to mitigate the impact and prevent further compromise. Here's how we practically integrate Defense in Depth into our cybersecurity strategy:

Network Segmentation: We employ network segmentation to divide our network into multiple segments or zones. This helps isolate critical assets and restricts lateral movement in the event of a breach, limiting the potential damage and minimizing the scope of an attack.

Perimeter Security: We deploy robust firewalls, intrusion prevention systems (IPS), and secure gateway devices at the network perimeter. These security measures help monitor and control incoming and outgoing network traffic, filtering out potential threats before they reach internal systems.

Identity and Access Management (IAM): We implement strong authentication mechanisms, such as multi-factor authentication (MFA), and enforce the principle of least privilege. This ensures that users and systems only have access to the resources necessary to perform their functions, reducing the risk of unauthorized access.

Endpoint Protection: We employ advanced endpoint protection solutions, including anti-malware software, host-based firewalls, and endpoint detection and response (EDR) tools. These measures help detect and prevent malicious activities on endpoints and provide visibility into potential security incidents.

Data Encryption: We employ encryption techniques to protect sensitive data at rest and in transit. This includes encrypting data on storage devices, utilizing encrypted communication protocols, and securing data backups.

Security Monitoring and Incident Response: We implement robust security monitoring systems to detect and respond to security incidents in real time. This includes Security Information and Event Management (SIEM) solutions, intrusion detection systems (IDS), and Security Operations Center (SOC) capabilities. We have well-defined incident response plans and conduct regular incident response exercises to ensure effective response and containment.

Employee Awareness and Training: We recognize that employees play a critical role in the overall security posture of our organization. We conduct regular security awareness programs and training sessions to educate employees about best practices, social engineering threats, and their responsibilities in maintaining a secure environment.

Vendor Risk Management: We assess and manage the security risks associated with our third-party vendors and partners. This includes conducting due diligence, contractually mandating security requirements, and periodically evaluating their security practices to ensure they align with our organization's standards.

Regular Vulnerability Assessments and Penetration Testing: We conduct periodic vulnerability assessments and penetration testing to identify weaknesses in our systems and applications proactively. This helps us remediate vulnerabilities before attackers exploit them.

Continuous Monitoring and Improvement: We continuously evaluate and enhance our security controls, staying abreast of emerging threats, vulnerabilities, and best practices. We leverage threat intelligence feeds, industry information-sharing platforms, and engage in relevant security forums to stay informed and adapt our strategy accordingly.

By integrating Defense in Depth principles into our cybersecurity strategy, we create overlapping layers of security controls that work together to protect our organization's critical assets. This approach helps us reduce the risk of successful attacks, increase resilience, and effectively respond to security incidents.
5 2 Replies
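The enclave advice above ("firewall and two-factor authentication") and the CISO's segmentation, MFA, endpoint and least-privilege layers can be modelled as independent checks that a request must all pass. The following is an added example, not code from any poster or product; the zone map, role map and request fields are constructed for illustration, and `disabled_layers` simulates one control having failed (a misconfigured firewall rule, say) to show the remaining layers still stopping the request.

```python
"""Layered access decision for an enclave holding sensitive data (constructed example)."""
from dataclasses import dataclass

# Constructed segmentation policy: which destination zones each source zone may reach.
SEGMENTATION = {
    "user_lan": {"user_lan", "dmz"},
    "it_admin": {"user_lan", "dmz", "enclave"},
    "dmz": {"dmz"},
}
# Constructed least-privilege map: roles permitted on each enclave resource.
RESOURCE_ROLES = {"hr_db": {"hr_admin"}, "backup_vault": {"backup_operator"}}


@dataclass
class Request:
    user: str
    roles: set
    src_zone: str
    dst_zone: str
    resource: str
    mfa_verified: bool
    endpoint_healthy: bool  # EDR / device-compliance signal, assumed available


def evaluate(req, disabled_layers=frozenset()):
    """Run every layer independently; return (allowed, names of layers that block).

    A layer named in `disabled_layers` is skipped, which models that control
    having failed. The request is allowed only if no remaining layer blocks it.
    """
    layers = [
        ("segmentation", lambda r: r.dst_zone in SEGMENTATION.get(r.src_zone, set())),
        ("mfa", lambda r: r.dst_zone != "enclave" or r.mfa_verified),
        ("endpoint", lambda r: r.endpoint_healthy),
        ("least_privilege", lambda r: bool(r.roles & RESOURCE_ROLES.get(r.resource, set()))),
    ]
    blocked_by = [name for name, check in layers
                  if name not in disabled_layers and not check(req)]
    return (not blocked_by, blocked_by)


# Constructed requests: a legitimate admin, and stolen credentials used from the user LAN.
ADMIN_REQUEST = Request("alice", {"hr_admin"}, "it_admin", "enclave", "hr_db", True, True)
STOLEN_CREDS_REQUEST = Request("bob", {"analyst"}, "user_lan", "enclave", "hr_db", False, True)

if __name__ == "__main__":
    print(evaluate(ADMIN_REQUEST))                                     # (True, [])
    print(evaluate(STOLEN_CREDS_REQUEST))                              # blocked by three layers
    print(evaluate(STOLEN_CREDS_REQUEST, disabled_layers={"segmentation"}))  # still blocked
```

The third call is the point of the exercise: with the segmentation layer treated as failed, MFA and least privilege still deny the request, and the returned list tells the SOC which layers did the work.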
Director of IT in Education, 5,001 - 10,000 employees

Excellent, I said it was a long explanation 😉.

1
Global Director - Security in Telecommunication, 10,001+ employees

Excellent summary, thanks.

Co-Founder in Services (non-Government), 2 - 10 employees
Architecture and design, layering solutions in a way that if one misses, the other will catch. Also, procedures and playbooks for dealing with incidents and tasks.
CISO in Software, 201 - 500 employees
Let me take a slightly different perspective here. I believe that the only way to build defense in depth is to make security part of your company culture and decision-making process. Of course, the layered approach, which was very well explained as a concept by Ben and in a great level of technical detail by Naseem, is crucial, and if you don't know how to apply it, you can't succeed. But similarly, you can't succeed unless you understand your company culture and business strategy, keep your finger on the heartbeat of all departments, and can communicate with them on the emerging and existing risks, the impacts of potential breaches and disruptions, and the means to set up the cascade of measures that would be acceptable for the business and at the same time provide a robust defense against the cyber threats.
1 1 Reply
Senior Manager - IT Governance in Healthcare and Biotech, 201 - 500 employees

100% agree on this! So important to take people along on the journey in a manner that is meaningful to them.

1
Director of IT, Self-employed
Network Segmentation: We employ network segmentation to divide our network into isolated segments or zones. Each zone has its security measures, reducing the attack surface and limiting lateral movement in case of a breach.

Firewalls: We use both perimeter and internal firewalls to filter traffic and enforce security policies at various network boundaries.

Intrusion Detection and Prevention Systems (IDPS): IDPS solutions are deployed at critical points within our network to monitor traffic for suspicious activity and block or alert on potential threats.

Endpoint Protection: We use advanced endpoint protection solutions that include antivirus, anti-malware, and host-based intrusion detection to secure individual devices.
Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotech, Self-employed
Defense in depth involves implementing multiple layers of security to protect against various threats. Here is a checklist to proactively integrate defense in depth. We do all of these. The next step is to measure your maturity level for each of them.

1. **Perimeter Security:** Use firewalls, intrusion detection systems, and intrusion prevention systems to protect the network perimeter.

2. **Network Security:** Implement network segmentation, access controls, and VPNs to safeguard internal networks.

3. **Endpoint Security:** Employ antivirus software, endpoint detection and response (EDR) tools, and regular patch management for devices.

4. **User Education:** Conduct security awareness training to educate employees about phishing, social engineering, and safe online behavior.

5. **Data Encryption:** Encrypt sensitive data both in transit and at rest to mitigate data breaches.

6. **Application Security:** Regularly update and patch applications, and conduct code reviews to find and fix vulnerabilities.

7. **Incident Response Plan:** Develop a robust incident response plan to react effectively to security incidents and minimize damage.

8. **Physical Security:** Secure physical access to servers and data centers to prevent unauthorized physical breaches.

9. **Vendor and Third-Party Risk Management:** Assess and manage the security risks posed by third-party vendors.

10. **Continuous Monitoring:** Continuously monitor networks and systems for anomalies or potential threats.

11. **Regular Auditing and Testing:** Conduct penetration testing and security audits to identify weaknesses.

12. **Backup and Recovery:** Implement regular data backups and test disaster recovery procedures.

Please keep in mind that the threat landscape evolves, so ongoing assessment and adaptation of security measures are essential. Hope this helps.
CIO in Education, 501 - 1,000 employees
It fits everywhere, and we try to purchase/implement tools that complement each other in this regard.
