Light Dark
November 2, 2023 By Sue Poremba 2 min read
Data Protection
Risk Management

The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on its worth to you and the likelihood of theft.

Your corporate network and data are the same. Protecting the valuable assets within your network requires layers. Often called defense in depth, this strategy offers multiple levels of security tools and strategies that are designed to guard against attacks.

However, these security systems aren’t perfect, and that’s exactly what threat actors are determined to exploit. In your home, you may have put the jewels in the safe, but if the safe isn’t locked, anyone can gain access. Same with your SOC. If your defense system has gaps, it’s only a matter of time before someone will gain access to your data.

Fear of patching

Having a state-of-the-art security system that appears to cover every type of attack is good, but you may not be addressing how threat actors access your system or what they’re looking for. Adversaries don’t like change, Phil Neray, VP of cyber defense strategy at CardinalOps, said at Splunk’s .conf23 event. Stolen credentials and exploited vulnerabilities remain the most popular attack vectors, according to Verizon’s Data Breach Investigations Report.

But if users within the company are falling for phishing scams or ignoring patch updates, it no longer matters how solid your layers are. Threat actors will find their way inside.

And why do people ignore patching? They fear a lack of availability to their system while the patches and updates are put in place.

Register for the webinar: Scale your SOC

Moving through the network

There’s a tendency to think of layers in terms of top to bottom or left to right — if you can’t stop them at point A, then there is defense at point B. But that often ignores how threat actors actually move within the system. Depending on the type of attack, they are moving wherever they see an opening, and one missed layer of protection can impair defenses, such as missed encryption on passwords stored in an otherwise well-defended vault.

Your layered defenses are also only as strong as your ability to detect anomalies or intrusions. Neray offered four questions to ask when looking at the quality of detections in your layered defense:

  • Where are you missing detections?
  • Are detections broken or too noisy?
  • How do you quickly onboard new detections?
  • How are you leveraging automation?

Each detection should cover multiple security layers rather than just a single location, Neray stated.

Embrace sophisticated defenses

You want more than just layers, but threat-informed defenses based on the threats unique to your organization, said Neray. Once you understand what you are protecting and where those assets are stored, you can build your layers of protection to defend against those threats.

 |  |  | 
Sue Poremba

More from Data Protection
November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

October 18, 2023

Understanding Saudi Arabia’s personal data protection law

4 min read - You may be familiar with data protection laws like HIPAA, GDPR and CCPA. But did you know that other foreign countries are also introducing comprehensive regulations? To address escalating data protection challenges, the Personal Data Protection Law (PDPL) was implemented in Saudi Arabia in September 2021. The law was later modified in March 2023, signifying a significant milestone in the country's efforts to comply with international data protection standards. In addition to the PDPL's significance to Saudi Arabia, this new…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature