Author: Arun Gandhi, Director Product Management, Seceon
“Stack them deep and sell them cheap” is a line I have often heard about wholesale retail stores. Are we doing the same with defense-in-depth when it comes to providing comprehensive “zero-trust” security?
It is certainly not cheap in terms of cost, but it is cheap in terms of the gaps these disparate security tools leave for attackers. Layering lines of defense indeed sounds like a great idea. The mindset: it is relatively secure within the enterprise, and anything from outside is insecure. So if one line of defense fails, another layer takes over to protect. At the outset, this was the military approach to protecting against the enemy in warfare.
So if ever there was an invasion, this approach buys time to respond without succumbing to the enemy. The purpose was to delay the attack by increasing the number of barriers, not to prevent the attacker.
This begs a question: Is defense-in-depth a feasible strategy for protecting enterprises from the sophisticated and growing attack vectors?
Frankly, this has not worked. In the last decade, enterprises have added a slew of security products, from firewalls, SIEM, User Behavior Analytics, SOAR, EDR, DLP, Email/Web Filtering, etc., plus a well-trained SOC team, to their portfolio to enhance their security posture by layering multiple security tools. The truth is that almost every day for years we have read about compromises and breaches in organizations, and the velocity is increasing. Some examples include the massive breach via a cyberattack through HVAC systems, as well as a widespread Distributed Denial of Service (DDoS) attack targeting IoT devices (primarily IP cameras and home routers), and many more. Also, about two-thirds of small-to-medium enterprises that have a relatively small IT/security budget go belly up just because of a breach. In spite of all these layers of protection, enterprises still get breached and face malicious attacks on a day-to-day basis.
Doomed For Failure. Why?
The attack surface is growing exponentially as organizations shift towards cloud computing, DevOps and IoT. The enterprise network perimeter is disappearing with BYOD and critical applications being accessed in the cloud by these devices from distinct locations. A large attack surface means more potential weaknesses to discover and exploit. In the face of advanced threats and increasing attack vectors, a false sense of security stems from these disparate silo solutions stacked together. Each silo solution has its own intelligence and is inherently not designed to share it, thus leaving holes that can be easily exploited. Attackers leverage these gaps to intrude into the enterprise and then work their way deep inside.
Additionally, this setup is complex to manage and operationally very expensive: the number of tools keeps growing, and organizations must constantly hire and train SMEs for each silo solution. To define and maintain a security posture with these disparate tools, these SMEs must also work together across the broader ecosystem to correlate and share the intelligence from each tool, which is an entirely separate discipline in itself. Couple this with the cost and scarcity of cybersecurity talent compared to most companies’ limited security budgets. Furthermore, protecting only a certain set of critical assets, or addressing only select use cases to keep costs low, can have huge ramifications. Therefore, it is imperative to view enterprise security more holistically.
Keys For A Comprehensive Security Posture
Visibility is paramount and a foundational building block for a comprehensive security architecture. After all, it is hard to protect what cannot be seen. Knowledge of the devices and how they interact with each other within the ecosystem is vital. To gain pervasive visibility across physical, virtual and hybrid environments, it is also important to aggregate network traffic in both north-south (leaving and coming into the organization) and east-west (within the organization) directions. Defense-in-depth falls short in providing the complete visibility of your environment in real-time.
Correlating events and data from these disparate silo solutions is complex and challenging. Analyzing how each activity relates to every other activity in the enterprise, with context from the past, is a fairly tedious task. The SMEs need to compare the data extracted from each tool to quickly understand the context of any activity. With the lack of security standards, these silo security tools are inherently not designed to work together or to expose APIs for integration. So adding multiple layers of defense to create a comprehensive security posture is a myth. To combat the growing threats within organizations faster and at predictable costs, enterprises today need systems that conduct intelligent, meaningful correlation with past context, detect anomalies, and remediate them in real time.
Detecting a developing threat or breach in an organization is good, but knowing alone is not enough. The goal is to safeguard the organization in real time, and therefore the consequences of not taking action, or of a delayed response, are enormous, as most of the damage is done within an hour of a security breach. With a defense-in-depth security architecture, there is a dependency on either SOAR tools or expert SOC analysts to take action. For cybersecurity in the digital era, with its increasing attack surface, systems need to take automated or well-ordered remediation action in real time.
Compliance laws are changing and becoming more stringent. The requirements are going to grow in the future, and new regulations will come to maturity from governments in different parts of the world. GDPR is one such example, and this is just the beginning. The question is: how does a defense-in-depth security architecture stack up against these growing regulatory requirements? Enterprises today need a comprehensive security platform that is responsible for continuous monitoring and compliance at all times and is able to produce ad hoc reports for security audits.
The Seceon Approach
Seceon has crafted a niche in the market as an adept security solution provider that deeply understands the nuances of the cyber threats encountered by small-to-medium-sized businesses (SMBs) and enterprises. It is distinguished for offering the first fully automated, comprehensive cyber security platform that helps organizations safeguard their valuable information and people. The company launched its Open Threat Management (OTM) Platform in April 2016 with a mission to empower the SOC and IT teams of organizations of all sizes to easily and affordably detect and mitigate cyberthreats as soon as they are uncovered. It is a machine learning and AI-based platform built on a Big/Fast Data architecture.
The OTM Platform works out-of-the-box to instantly protect against known and unknown threats. It provides comprehensive visibility, proactive threat detection, and automated containment and elimination of threats in real time, all while minimizing costs, staff bandwidth constraints, and performance impact. OTM helps enterprises automatically generate prioritized threat alerts that matter in real time and empowers SOC/IT teams to detect and respond to threats quickly, before critical data gets exfiltrated. Seceon offers aiSIEM™ and aiMSSP™ solutions built on the OTM Platform to transform the landscape of IT security.
• Seceon aiSIEM goes beyond traditional SIEM and eliminates the need for adding multiple silo solutions. It ingests raw streaming data from applications, identity systems, flows, and raw traffic from networks to provide comprehensive visibility, proactive threat detection, automated threat containment and elimination, and continuous compliance, policy management, & reporting.
• Seceon aiMSSP enables Managed Security Service Providers (MSSPs) to offer outsourced security services to SMBs, including 24×7 security monitoring, threat intelligence, and real-time detection and remediation, at nominal and predictable linear costs.
Seceon’s OTM Platform is growing in popularity across all business verticals due to its key differentiating benefits. These include:
• Comprehensive Visibility
The OTM Platform ingests all raw streaming data (logs, packets, flows, and identities) and provides a real-time, extensive view of all assets (users, hosts, servers, applications, data access, and movement traffic) that are on premise, in the cloud, or hybrid, and of their interactions.
• Reduce Mean-Time-To-Identify (MTTI) with Proactive Threat Detection
The platform proactively detects and surfaces threats in real time without requiring an agent and without causing alert fatigue.
• Reduce Mean-Time-To-Resolve (MTTR) with Automatic Threat Remediation
The OTM Platform performs automatic threat containment and elimination in real time. It also provides clear, actionable steps to eliminate threats, which can be carried out either automatically by the system or manually by a security expert after analysis.
• Continuous Compliance, Policy Management and Risk Monitoring
The platform provides continuous compliance and scheduled or on-demand reporting. This includes HIPAA, PCI-DSS, NIST, GDPR, SOX, etc.
Today many organizations are realizing the shortcomings of defense-in-depth to build a comprehensive security posture in the digital era.
With the increasing attack surface and threat vectors becoming more complicated, a defense-in-depth architecture puts these organizations at risk. Therefore, these organizations are overhauling their defense-in-depth strategy and slowly migrating to a more comprehensive, integrated solution. Seceon’s expertise in crafting leading-edge solutions for rising cyber security challenges, its out-of-the-box thinking, and its passion for ensuring “Cybersecurity Done Right” have made it a dominant IT security provider.