Medieval castles stood as impregnable fortresses for hundreds of years, due to their meticulous design. Quick ahead to the digital age, and this medieval knowledge nonetheless echoes in cybersecurity. Like castles with strategic layouts to resist assaults, the Protection-in-Depth technique is the fashionable counterpart — a multi-layered method with strategic redundancy and a mix of passive and lively safety controls.
Nevertheless, the evolving cyber risk panorama can problem even essentially the most fortified defenses. Regardless of the widespread adoption of the Protection-in-Depth technique, cyber threats persist. Fortuitously, the Protection-in-Depth technique may be augmented utilizing Breach and Assault Simulation (BAS), an automatic instrument that assesses and improves each safety management in every layer.
Protection-in-Depth: False Sense of Safety with Layers
Often known as multi-layered protection, the defense-in-depth technique has been extensively adopted by organizations because the early 2000s. It is primarily based on the idea that adversaries should breach a number of protection layers to compromise invaluable belongings. Since no singular safety management can present foolproof safety towards the big range of cyber threats, defense-in-depth has change into the norm for organizations worldwide. But when each group makes use of this technique right now, why are safety breaches nonetheless so frequent?
In the end, the first motive is a false sense of safety from the idea that layered options will at all times operate as supposed. Nevertheless, organizations should not put all their religion in multi-layered defenses — they have to additionally keep up-to-date towards new assault vectors, potential configuration drifts, and the advanced nature of managing safety controls. Within the face of evolving cyber threats, unsubstantiated belief in defensive layers is a safety breach ready to occur.
Perfecting the Protection-in-Depth Technique
The defense-in-depth technique promotes utilizing a number of safety controls at completely different layers to stop and detect cyber threats. Many organizations mannequin these layers round 4 basic layers: Community, Host, Utility, and Information Layers. Safety controls are configured for a number of layers to take care of a strong safety posture. Usually, organizations use IPS and NGFW options on the Community Layer, EDR and AV options on the Host Layer, WAF options on the Utility Layer, DLP options on the Information Layer, and SIEM options throughout a number of layers.
Though this normal method applies to just about all defense-in-depth implementations, safety groups can’t merely deploy safety options and overlook about them. Actually, in keeping with the Blue Report 2023 by Picus, 41% of cyber assaults bypass community safety controls. Immediately, an efficient safety technique requires a stable understanding of the risk panorama and often testing safety controls towards actual cyber threats.
Harnessing the Energy of Automation: Introducing BAS into the Protection-in-Depth Technique
Understanding a company’s risk panorama may be difficult because of the huge variety of cyber threats. Safety groups should sift by a whole bunch of risk intelligence experiences day by day and resolve whether or not every risk may goal their group. On high of that, they should check their safety controls towards these threats to evaluate the efficiency of their defense-in-depth technique. Even when organizations may manually analyze every intelligence report and run a standard evaluation (akin to penetration testing and crimson teaming), it could take far an excessive amount of time and too many assets. Lengthy story quick, right now’s cyber risk panorama is inconceivable to navigate with out automation.
On the subject of safety management testing and automation, one explicit instrument stands out among the many relaxation: Breach and Assault Simulation (BAS). Since its first look in Gartner’s Hype Cycle for Risk-Going through Applied sciences in 2017, BAS has change into a invaluable a part of safety operations for a lot of organizations. A mature BAS answer supplies automated risk intelligence and risk simulation for safety groups to evaluate their safety controls. When BAS options are built-in with the defense-in-depth technique, safety groups can proactively establish and mitigate potential safety gaps earlier than malicious actors can exploit them. BAS works with a number of safety controls throughout the community, host, software, and information layers, permitting organizations to evaluate their safety posture holistically.
LLM-Powered Cyber Risk Intelligence
When introducing automation into the defense-in-depth technique, step one is to automate the cyber risk intelligence (CTI) course of. Operationalizing a whole bunch of risk intelligence experiences may be automated utilizing deep studying fashions like ChatGPT, Bard, and LLaMA. Trendy BAS instruments may even present their very own LLM-powered CTI and combine with exterior CTI suppliers to investigate and observe the group’s risk panorama.
Simulating Assaults within the Community Layer
As a basic line of protection, the community layer is usually examined by adversaries with infiltration makes an attempt. This layer’s safety is measured by its skill to establish and block malicious site visitors. BAS options simulate malicious infiltration makes an attempt noticed ‘within the wild’ and validate the community layer’s safety posture towards real-life cyber assaults.
Assessing the Safety Posture of the Host Layer
Particular person gadgets akin to servers, workstations, desktops, laptops, and different endpoints make up a good portion of the gadgets within the host layer. These gadgets are sometimes focused with malware, vulnerability exploitation, and lateral motion assaults. BAS instruments can assess the safety posture of every system and check the effectiveness of host layer safety controls.
Publicity Evaluation within the Utility Layer
Public-facing purposes, like web sites and electronic mail providers, are sometimes essentially the most crucial but most uncovered components of a company’s infrastructure. There are numerous examples of cyber assaults initiated by bypassing a WAF or a benign-looking phishing electronic mail. Superior BAS platforms can mimic adversary actions to make sure safety controls within the software are working as supposed.
Defending Information Towards Ransomware and Exfiltration
The rise of ransomware and information exfiltration assaults is a stark reminder that organizations should defend their proprietary and buyer information. Safety controls akin to DLPs and entry controls within the information layer safe delicate info. BAS options can replicate adversarial methods to scrupulously check these safety mechanisms.
Steady Validation of the Protection-in-Depth Technique with BAS
Because the risk panorama evolves, so ought to a company’s safety technique. BAS supplies a steady and proactive method for organizations to evaluate each layer of their defense-in-depth method. With confirmed resilience towards real-life cyber threats, safety groups can belief their safety controls to resist any cyber assault.
Picus Safety pioneered Breach and Assault Simulation (BAS) expertise in 2013 and has helped organizations enhance their cyber resilience ever since. With Picus Safety Validation Platform, your group can supercharge its current safety controls towards even essentially the most subtle cyberattacks. Go to picussecurity.com to guide a demo or discover our assets like “How Breach and Assault Simulation Suits Right into a Multi-layered Protection Technique” whitepaper.
To develop your understanding of evolving cyber threats, discover the High 10 MITRE ATT&CK methods and refine your defense-in-depth technique. Obtain the Picus Crimson Report right now.
Observe: This text was written by Huseyin Can Yuceel, Safety Analysis Lead at Picus Safety, the place simulating cyber threats and empowering defenses are our passions.
