Layered Security Solutions
Security isn't a product. You cannot simply buy one single tool and magically enable security. Ensuring security is about doing what you can – at multiple levels – to ensure the bad guys keep stumbling over various blocks that you put in their way. When discussing this idea of multiple levels or layers of defense within computer security, such terms as "Defense in Depth", "Layered Security" and "Layered Defense" are often used. Security experts sometimes draw nuances between them, but in practice, these terms are used interchangeably. They refer to the idea of using several steps to protect your network.
The idea of layered defense is not new, but security experts often don't explain why it is a good idea. Later in this white paper we'll address some of the layers you likely already have, and what you can do to make those layers more effective. For now, let's explore some excellent reasons why you should leverage a multi-layered model in your security efforts, if you're not already heading in that direction:
- Different layers of security help defend you even if an attacker finds a weakness in one of the layers. Attackers are always probing and always switching tactics. A firewall stops a lot of bad issues from getting onto your network. Unfortunately, some attacks will find their way past a firewall. To stop those attacks from escalating, another layer of defense needs to be present at the attacker's next stop on your network, be it a desktop or a server.
- Layered defense helps you stop attacks initiated from different places. For example, it makes sense to inspect inbound email at the email server for spam, phishing attacks and viruses. However sometimes, malware can originate locally, already "inside". A user with a USB thumb drive could just plug it in, and start a big problem. Anti-virus protection on the client PCs helps address this threat.
- Some industry standards, such as PCI (Payment Card Industry) requirements are strict in precisely what must be put in place. In these cases, you are probably under an obligation or expectation to exercise due diligence in building a robust, complete system that is effective. Quite often end-customers themselves may want assurance you are doing all you can to prevent a security breach.