Purplebytes

View Original

Defence in Depth and Breadth – The new approach

The hackers are getting smarter and using technology to crack systems which were traditionally seen as very secure. The constant race to outwit the hackers means Companies have to find equally smarter ways to remain secure and still provide great performance and service to their customer. This post helps understand the jargons and the technology and how you can use them. Read on...

Defence in Depth:

Image Courtesy:https://www.cloudtechnologyexperts.com/defense-in-breadth-or-defense-in-depth/

This has been traditional layered approach. This can be compared to “onion approach” or more close to “airport security”. At every step you are stopped and searched and allowed into the next inner level.  

The first problem here is performance.  Performance takes a big hit as the increasing number of devices that must “crack the packet” as it were and examine it, often times duplicating functionality with varying degrees of success. The result is IT teams often forced to compromise and switch off some of the security appliances to speed up Business performance and thus exposing themselves to attacks.

The next issue is Encrypted traffic flowing into and out of the data center often bypasses security solutions entirely, leaving another potential source of a breach unaddressed. Also attacks are happening more and more at application level. This means depth alone is not enough.

 

Defence in Breadth:

Image Courtesy:http://tectonicsecurity.com/managed-security-services/web-application-firewall/

Defence in breadth provides security at the application level. Most defence in depth applies at Network Layer also known as Layer 3 of OSI stack. However, more and more attacks happen using vulnerabilities at Application Layer (Layer 7) like SQL injection, cross site scripting (XSS), file inclusion, weak session management and many others.

This is where web application firewall(WAF) provides protection at application layer (also known as Layer 7).  A WAF is an application security measure deployed between a web client and a web server that performs a deep inspection of every request and response for all common forms of web traffic. Identifying and isolating or blocking abnormal malicious traffic, a WAF effectively prevents threats from reaching the server.

A great advantage of WAF is that if a vulnerability is found in an application and a software patch is not immediately available, a new WAF rule can be added in real time to ensure the application is protected. In fact, services exist to provide regular updates to a WAF to ensure continuous protection. This can simplify the overhead of having to maintain effective security, especially for smaller companies.

 

The new defence:

The best solution is to include both Depth and Breadth approach to have the best possible chance against malicious attacks. This is has become easy in public cloud environment where providers like Amazon AWS pursue both type of defence actively.

It is imperative for Cloud security teams to establish their Security strategies underpinned by a flexible orchestration platform. This should include  multiple security tools working together in automated or semi-automated fashion, providing a strong defence against growing threat vector.

By, Vidhya Nadarajan