Why Network Security Requires Defense in Depth

Every network connected to the Internet is under attack

Whether it’s big or small, criminals go after everything, searching for weaknesses. The FBI reported that losses to Internet crime in 2016 amounted to $1.45 billion. Neglecting security is an expensive mistake.

There isn’t any single measure that will keep your systems safe. Imagine that you were a bank with a lot of money in a vault. You wouldn’t count on just its locks to keep thieves out. You’d restrict access to it and install cameras and alarms. Defense in depth forces criminals to defeat a whole series of protections before they can get the loot.

The perimeter

The outermost defense includes the network’s firewall and spam filters. You need to configure the firewall to your needs, not just use it as it came out of the box. Any types of traffic which your network doesn’t use shouldn’t be allowed in. The best protection comes from a next-generation firewall (NGFW), which examines not just packet types but application-specific queries for hostile content.

Spam protection is part of the perimeter defense. A large proportion of attacks get in through phishing messages. If an email message tricks the recipient into opening an attachment, it might be able to install malware on the machine. From there the hostile software can spread to the rest of the network. The surest defense is to keep those messages from reaching the inbox.

Defensive software

A good perimeter defense will stop most attacks, but not all. Each machine needs anti-malware software which will recognize and stop anything hostile that tries to run on it. New threats appear every day, so it needs regular updates.

When there is a report of malware on a machine, the best immediate action is to quarantine it from the network. It should go back online only after removing the problem and verifying that the machine is clean.

Application and OS patches

Most attacks take advantage of known bugs in applications and operating systems. Once the publisher issues a patch, criminals know about the problem. What’s more, they know that many sites won’t install the patch right way. They’ve got a window of opportunity for attacking the vulnerability. If you patch all your software on a regular schedule, you keep the window small.

Even in a relatively simple network, there is a lot of software to keep up to date. Tools are available that automate patches, installing them as they become available. This approach saves effort, but be sure to test all software after it’s updated. Patches sometimes break compatibility, and then you have to fix the problem by hand.

Network monitoring

The last line of defense is a monitoring system that catches unusual traffic on the network. If malware gets past the firewall, protective software doesn’t stop it, and it finds a vulnerability to take advantage of, it will start doing damage. It could run for weeks or months without being caught, sending valuable data out or participating in DDoS attacks. Network monitoring will recognize suspicious patterns and report them. The more quickly the malware is removed, the less damage it will do.

Monitoring can also catch areas that the firewall should protect but doesn’t. If probes come in through unused ports, they should probably be closed off. Anything that doesn’t have a reason to come in ought to stay out.

The role of employees

The people who use the network are an essential part of its defense, and they should be well trained in security measures. They’re primarily part of the perimeter defense, setting strong passwords, being careful with email, and generally being careful with information. They contribute to system monitoring as well; if the applications misbehave or services become unavailable, they need to report the problem quickly.

Human error is a major cause of security breaches. There’s no way to eliminate all errors, but training and careful attention will make serious mistakes rare.

Taking all these steps is undeniably a lot of work, but it’s a necessity in today’s world. A business that suffers a data breach can face serious costs in money and in the organization’s reputation. One that protects its data at every level will experience very few disruptions and will earn its customers’ trust. The effort pays for itself.