When it comes to cybersecurity, it’s tempting to yearn for a silver bullet – one tool that can provide complete protection against all threats. Unfortunately, that isn’t realistic and is one of the main reasons chief information security officers talk about levels of risk and risk acceptance, rather than in absolutes.
Just like building a winning sports team, effective security requires careful selection of components with different strengths. It’s also essential for those components to work together as a cohesive whole. Having the right solutions in place can also have a force multiplier effect: detection, intelligence gathering and incident response that would be cumbersome to perform manually become faster and more accurate when the tools feed one another. The whole will be greater than the sum of its parts.
Endpoint protection tools and network detection techniques like deception have changed the game for security teams. But nobody does it alone, and even the staunchest proponents of such controls would never argue they are the only solution a customer requires.
Conversely, focusing entirely on in-network protections leaves the perimeter open. Attackers get inside too easily, and the volume of activity that reaches the in-network tools can overwhelm them.
Instead, a balanced approach is more successful: an outer layer serves as the first line of defence by filtering out known threats; a middle layer identifies unusual or suspicious endpoint processes; and an internal layer detects lateral movement and privilege escalation once an attacker is already inside.
Such layered security can significantly improve an organisation’s detection capabilities. While deception technology and endpoint protection are both independently valuable, experience shows that having one layered over the other dramatically improves detection rates.
Growing threat sophistication
The need for such a layered approach to IT security increases because attackers are growing more sophisticated. This trend is concerning, but also expected. Cybercriminals are constantly evolving and looking for new ways to break into IT infrastructures.
For this reason, being too reliant on any one security control or technique leaves your organisation prone to attack. Instead, perimeter, endpoint and in-network controls must together form a complementary and highly effective detection net.
An attacker might be able to evade one layer of defence (perhaps even two), but with proven protection at every layer of the network, they’ll have a hard time accomplishing their goals. This is especially true when the attack surface is obfuscated: deceptions can steer the attacker’s path away from valuable systems and data stores and towards a decoy, and because no legitimate user has any reason to touch a decoy, any interaction with it is a high-confidence alert.
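As an added illustration of the three layers described above (this is example code, not code from the original article or from Attivo Networks), the following Python correlator runs per-layer rules over constructed event sequences. The blocklisted IP, process chains, host names, decoy host, decoy account and fan-out threshold are all hypothetical. It shows the point in working form: a scenario that passes the perimeter blocklist and looks benign to the endpoint rule is still caught at the internal layer when the attacker uses a planted decoy credential, while a benign sequence fires nothing.

```python
"""Layered detection over constructed events: perimeter, endpoint, internal (deception)."""
from collections import defaultdict
from dataclasses import dataclass

# --- Constructed reference data (hypothetical, not real indicators) -----------------
KNOWN_BAD_IPS = {"203.0.113.7"}                       # outer layer: "known threat" (TEST-NET-3 range)
SUSPICIOUS_PARENT_CHILD = {("winword.exe", "powershell.exe"),
                           ("outlook.exe", "cmd.exe")}   # middle layer: Office app spawning a shell
DECOY_HOSTS = {"fs-decoy-01"}                         # internal layer: decoy file server, no legitimate use
DECOY_ACCOUNTS = {"svc_backup_decoy"}                 # internal layer: honey credential planted on endpoints
FANOUT_THRESHOLD = 3                                  # one source logging on to this many hosts = lateral movement


@dataclass(frozen=True)
class Event:
    layer: str   # "perimeter" | "endpoint" | "internal"
    data: dict


def perimeter_rule(ev: Event) -> bool:
    """Outer layer: filter known threats by source address."""
    return ev.data.get("src_ip") in KNOWN_BAD_IPS


def endpoint_rule(ev: Event) -> bool:
    """Middle layer: flag suspicious parent/child process chains."""
    return (ev.data.get("parent"), ev.data.get("child")) in SUSPICIOUS_PARENT_CHILD


def internal_rule(ev: Event, fanout: dict) -> bool:
    """Internal layer: decoy interaction or logon fan-out typical of lateral movement."""
    if ev.data.get("dst_host") in DECOY_HOSTS:
        return True
    if ev.data.get("user") in DECOY_ACCOUNTS:
        return True
    return len(fanout[ev.data.get("src_host")]) >= FANOUT_THRESHOLD


def detect(events: list) -> set:
    """Return the set of layers that fired across one sequence of events."""
    fired = set()
    fanout = defaultdict(set)   # src_host -> distinct dst_hosts seen in logon events
    for ev in events:
        if ev.layer == "perimeter" and perimeter_rule(ev):
            fired.add("perimeter")
        if ev.layer == "endpoint" and endpoint_rule(ev):
            fired.add("endpoint")
        if ev.layer == "internal":
            fanout[ev.data["src_host"]].add(ev.data["dst_host"])
            if internal_rule(ev, fanout):
                fired.add("internal")
    return fired


# --- Constructed scenarios (hypothetical) -----------------------------------------
SCENARIO_KNOWN_BAD = [
    Event("perimeter", {"src_ip": "203.0.113.7", "dst_port": 443}),   # stopped at the outer layer
]
SCENARIO_PHISH = [
    Event("perimeter", {"src_ip": "198.51.100.20", "dst_port": 443}),  # not on the blocklist
    Event("endpoint", {"host": "ws-042", "parent": "winword.exe", "child": "powershell.exe"}),
    Event("internal", {"src_host": "ws-042", "dst_host": "fs-decoy-01", "user": "jdoe"}),
]
SCENARIO_EVASIVE = [
    Event("perimeter", {"src_ip": "198.51.100.20", "dst_port": 443}),
    Event("endpoint", {"host": "ws-042", "parent": "explorer.exe", "child": "mstsc.exe"}),  # looks like ordinary RDP use
    Event("internal", {"src_host": "ws-042", "dst_host": "fs-01", "user": "svc_backup_decoy"}),  # harvested honey credential
]
SCENARIO_FANOUT = [
    Event("internal", {"src_host": "ws-042", "dst_host": h, "user": "jdoe"})
    for h in ("fs-01", "mail-01", "db-01")               # three distinct targets from one workstation
]
SCENARIO_BENIGN = [
    Event("perimeter", {"src_ip": "198.51.100.20", "dst_port": 443}),
    Event("endpoint", {"host": "ws-042", "parent": "explorer.exe", "child": "notepad.exe"}),
    Event("internal", {"src_host": "ws-042", "dst_host": "fs-01", "user": "jdoe"}),
    Event("internal", {"src_host": "ws-042", "dst_host": "mail-01", "user": "jdoe"}),
]

if __name__ == "__main__":
    for name, scenario in [("known-bad", SCENARIO_KNOWN_BAD), ("phish", SCENARIO_PHISH),
                           ("evasive", SCENARIO_EVASIVE), ("fanout", SCENARIO_FANOUT),
                           ("benign", SCENARIO_BENIGN)]:
        print(f"{name:10s} fired: {sorted(detect(scenario)) or 'nothing'}")
```

The evasive scenario is the one the paragraph is about: with only the outer two layers it would go unnoticed, and the decoy credential is what turns it into an alert.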
Taking a layered security approach also means allocating available budgets carefully so that each control is adequately resourced. Overspending on one tool leaves too little for the others. Take the time to evaluate carefully the value each solution will deliver, and apportion budgets accordingly.
It’s important to remember that different tools offer specific capabilities, and putting the right combination of those tools together delivers the best possible security outcome. One must also recognise that this combination will likely need to change over time. The threat landscape is continually evolving, so what delivers adequate protection today may not be up to the task tomorrow.
In the same way that a sports manager builds a team over time and understands that the interplay between the individuals leads to a greater whole, a security manager can achieve a cohesive set of systems by following a layered approach and continuously monitoring its performance. It is possible to build and maintain a robust security infrastructure that will deliver the levels of protection your organisation requires, both now and in the future.
Jim Cook, ANZ Regional Director, Attivo Networks