Sunday, July 7, 2024

Perfecting the Defense-in-Depth Strategy with Automation

Defense-in-Depth

Medieval castles stood as impregnable fortresses for hundreds of years because of their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart: a multi-layered approach with strategic redundancy and a mix of passive and active security controls.

However, the evolving cyber threat landscape can challenge even the most fortified defenses. Despite the widespread adoption of the Defense-in-Depth strategy, cyber threats persist. Fortunately, the Defense-in-Depth strategy can be augmented using Breach and Attack Simulation (BAS), an automated tool that assesses and improves every security control in each layer.

Defense-in-Depth: False Sense of Security with Layers

Also known as multi-layered defense, the defense-in-depth strategy has been widely adopted by organizations since the early 2000s. It is based on the assumption that adversaries must breach multiple defense layers to compromise valuable assets. Since no single security control can provide foolproof protection against the wide range of cyber threats, defense-in-depth has become the norm for organizations worldwide. But if every organization uses this strategy today, why are security breaches still so common?

Ultimately, the primary reason is a false sense of security from the assumption that layered solutions will always function as intended. However, organizations should not put all their faith in multi-layered defenses; they must also stay up to date against new attack vectors, possible configuration drifts, and the complex nature of managing security controls. In the face of evolving cyber threats, unsubstantiated trust in defensive layers is a security breach waiting to happen.

Perfecting the Defense-in-Depth Strategy

The defense-in-depth strategy promotes using multiple security controls at different layers to prevent and detect cyber threats. Many organizations model these layers around four fundamental layers: Network, Host, Application, and Data Layers. Security controls are configured for a number of layers to maintain a robust security posture. Typically, organizations use IPS and NGFW solutions at the Network Layer, EDR and AV solutions at the Host Layer, WAF solutions at the Application Layer, DLP solutions at the Data Layer, and SIEM solutions across multiple layers.

Although this general approach applies to nearly all defense-in-depth implementations, security teams cannot simply deploy security solutions and forget about them. In fact, according to the Blue Report 2023 by Picus, 41% of cyber attacks bypass network security controls. Today, an effective security strategy requires a solid understanding of the threat landscape and regularly testing security controls against real cyber threats.

Harnessing the Power of Automation: Introducing BAS into the Defense-in-Depth Strategy

Understanding an organization’s threat landscape can be challenging because of the vast number of cyber threats. Security teams must sift through hundreds of threat intelligence reports every day and decide whether each threat might target their organization. On top of that, they need to test their security controls against these threats to assess the performance of their defense-in-depth strategy. Even if organizations could manually analyze each intelligence report and run a traditional assessment (such as penetration testing and red teaming), it would take far too much time and too many resources. Long story short, today’s cyber threat landscape is impossible to navigate without automation.

When it comes to security control testing and automation, one particular tool stands out among the rest: Breach and Attack Simulation (BAS). Since its first appearance in Gartner’s Hype Cycle for Threat-Facing Technologies in 2017, BAS has become a valuable part of security operations for many organizations. A mature BAS solution provides automated threat intelligence and threat simulation for security teams to assess their security controls. When BAS solutions are integrated with the defense-in-depth strategy, security teams can proactively identify and mitigate potential security gaps before malicious actors can exploit them. BAS works with multiple security controls across the network, host, application, and data layers, allowing organizations to assess their security posture holistically.

LLM-Powered Cyber Threat Intelligence

When introducing automation into the defense-in-depth strategy, the first step is to automate the cyber threat intelligence (CTI) process. Operationalizing hundreds of threat intelligence reports can be automated using deep learning models like ChatGPT, Bard, and LLaMA. Modern BAS tools can even provide their own LLM-powered CTI and integrate with external CTI providers to analyze and track the organization’s threat landscape.

Simulating Attacks in the Network Layer

As a fundamental line of defense, the network layer is often tested by adversaries with infiltration attempts. This layer’s security is measured by its ability to identify and block malicious traffic. BAS solutions simulate malicious infiltration attempts observed ‘in the wild’ and validate the network layer’s security posture against real-life cyber attacks.

Assessing the Security Posture of the Host Layer

Individual devices such as servers, workstations, desktops, laptops, and other endpoints make up a significant portion of the devices in the host layer. These devices are often targeted with malware, vulnerability exploitation, and lateral movement attacks. BAS tools can assess the security posture of each device and test the effectiveness of host layer security controls.

Exposure Assessment in the Application Layer

Public-facing applications, like websites and email services, are often the most critical yet most exposed parts of an organization’s infrastructure. There are numerous examples of cyber attacks initiated by bypassing a WAF or a benign-looking phishing email. Advanced BAS platforms can mimic adversary actions to ensure security controls in the application are working as intended.

Protecting Data Against Ransomware and Exfiltration

The rise of ransomware and data exfiltration attacks is a stark reminder that organizations must protect their proprietary and customer data. Security controls such as DLPs and access controls in the data layer secure sensitive information. BAS solutions can replicate adversarial techniques to rigorously test these protection mechanisms.

Continuous Validation of the Defense-in-Depth Strategy with BAS

As the threat landscape evolves, so should an organization’s security strategy. BAS provides a continuous and proactive approach for organizations to assess every layer of their defense-in-depth approach. With proven resilience against real-life cyber threats, security teams can trust their security controls to withstand any cyber attack.

Picus Security pioneered Breach and Attack Simulation (BAS) technology in 2013 and has helped organizations improve their cyber resilience ever since. With Picus Security Validation Platform, your organization can supercharge its existing security controls against even the most sophisticated cyberattacks. Visit picussecurity.com to book a demo or explore our resources like the “How Breach and Attack Simulation Fits Into a Multi-layered Defense Strategy” whitepaper.

To grow your understanding of evolving cyber threats, explore the Top 10 MITRE ATT&CK techniques and refine your defense-in-depth strategy. Download the Picus Red Report today.

Note: This article was written by Huseyin Can Yuceel, Security Research Lead at Picus Security, where simulating cyber threats and empowering defenses are our passions.
