Perfecting the Defense-in-Depth Strategy with Automation


Defense-in-Depth

Medieval castles stood as impregnable fortresses for hundreds of years, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart: a multi-layered approach with strategic redundancy and a blend of passive and active security controls.

However, the evolving cyber threat landscape can challenge even the most fortified defenses. Despite the widespread adoption of the Defense-in-Depth strategy, cyber threats persist. Fortunately, the Defense-in-Depth strategy can be augmented using Breach and Attack Simulation (BAS), an automated tool that assesses and improves every security control in each layer.

Defense-in-Depth: False Sense of Security with Layers

Also known as multi-layered defense, the defense-in-depth strategy has been widely adopted by organizations since the early 2000s. It is based on the assumption that adversaries must breach multiple defense layers to compromise valuable assets. Since no single security control can provide foolproof protection against the wide array of cyber threats, defense-in-depth has become the norm for organizations worldwide. But if every organization uses this strategy today, why are security breaches still so common?

Ultimately, the primary reason is a false sense of security from the assumption that layered solutions will always function as intended. However, organizations should not put all their faith in multi-layered defenses; they must also stay up to date against new attack vectors, possible configuration drifts, and the complex nature of managing security controls. In the face of evolving cyber threats, unsubstantiated trust in defensive layers is a security breach waiting to happen.

Perfecting the Defense-in-Depth Strategy

The defense-in-depth strategy promotes using multiple security controls at different layers to prevent and detect cyber threats. Many organizations model these layers around four fundamental layers: Network, Host, Application, and Data Layers. Security controls are configured for multiple layers to maintain a robust security posture. Typically, organizations use IPS and NGFW solutions at the Network Layer, EDR and AV solutions at the Host Layer, WAF solutions at the Application Layer, DLP solutions at the Data Layer, and SIEM solutions across multiple layers.

Although this general approach applies to nearly all defense-in-depth implementations, security teams cannot simply deploy security solutions and forget about them. In fact, according to the Blue Report 2023 by Picus, 41% of cyber attacks bypass network security controls. Today, an effective security strategy requires a solid understanding of the threat landscape and regularly testing security controls against real cyber threats.

Harnessing the Power of Automation: Introducing BAS into the Defense-in-Depth Strategy

Understanding an organization’s threat landscape can be challenging because of the vast number of cyber threats. Security teams must sift through hundreds of threat intelligence reports daily and decide whether each threat might target their organization. On top of that, they need to test their security controls against these threats to assess the performance of their defense-in-depth strategy. Even if organizations could manually analyze each intelligence report and run a traditional assessment (such as penetration testing and red teaming), it would take far too much time and too many resources. Long story short, today’s cyber threat landscape is impossible to navigate without automation.

When it comes to security control testing and automation, one particular tool stands out among the rest: Breach and Attack Simulation (BAS). Since its first appearance in Gartner’s Hype Cycle for Threat-Facing Technologies in 2017, BAS has become a valuable part of security operations for many organizations. A mature BAS solution provides automated threat intelligence and threat simulation for security teams to assess their security controls. When BAS solutions are integrated with the defense-in-depth strategy, security teams can proactively identify and mitigate potential security gaps before malicious actors can exploit them. BAS works with multiple security controls across the network, host, application, and data layers, allowing organizations to assess their security posture holistically.

LLM-Powered Cyber Threat Intelligence

When introducing automation into the defense-in-depth strategy, the first step is to automate the cyber threat intelligence (CTI) process. Operationalizing hundreds of threat intelligence reports can be automated using deep learning models like ChatGPT, Bard, and LLaMA. Modern BAS tools can even provide their own LLM-powered CTI and integrate with external CTI providers to analyze and track the organization’s threat landscape.

Simulating Attacks in the Network Layer

As a fundamental line of defense, the network layer is often tested by adversaries with infiltration attempts. This layer’s security is measured by its ability to identify and block malicious traffic. BAS solutions simulate malicious infiltration attempts observed ‘in the wild’ and validate the network layer’s security posture against real-life cyber attacks.

Assessing the Security Posture of the Host Layer

Individual devices such as servers, workstations, desktops, laptops, and other endpoints make up a significant portion of the devices in the host layer. These devices are often targeted with malware, vulnerability exploitation, and lateral movement attacks. BAS tools can assess the security posture of each device and test the effectiveness of host layer security controls.

Exposure Assessment in the Application Layer

Public-facing applications, like websites and email services, are often the most critical yet most exposed parts of an organization’s infrastructure. There are countless examples of cyber attacks initiated by bypassing a WAF or a benign-looking phishing email. Advanced BAS platforms can mimic adversary actions to ensure security controls in the application are working as intended.

Protecting Data Against Ransomware and Exfiltration

The rise of ransomware and data exfiltration attacks is a stark reminder that organizations must protect their proprietary and customer data. Security controls such as DLPs and access controls in the data layer secure sensitive information. BAS solutions can replicate adversarial techniques to rigorously test these protection mechanisms.

Continuous Validation of the Defense-in-Depth Strategy with BAS

As the threat landscape evolves, so should an organization’s security strategy. BAS provides a continuous and proactive approach for organizations to assess every layer of their defense-in-depth approach. With proven resilience against real-life cyber threats, security teams can trust their security controls to withstand any cyber attack.

Picus Security pioneered Breach and Attack Simulation (BAS) technology in 2013 and has helped organizations improve their cyber resilience ever since. With Picus Security Validation Platform, your organization can supercharge its existing security controls against even the most sophisticated cyberattacks. Visit picussecurity.com to book a demo or explore our resources like the “How Breach and Attack Simulation Fits Into a Multi-layered Defense Strategy” whitepaper.

To grow your understanding of evolving cyber threats, explore the Top 10 MITRE ATT&CK techniques and refine your defense-in-depth strategy. Download the Picus Red Report today.

Note: This article was written by Huseyin Can Yuceel, Security Research Lead at Picus Security, where simulating cyber threats and empowering defenses are our passions.
