The Evolution of Defense-in-Depth


This post was written by Dan Cole.

As enterprises continue to shore up their defenses in anticipation of the next breach, many security professionals understand that it’s not a matter of if it happens, but when. And when it does, the question is how soon they would know before the attack has completed its cycle.

To offset these upcoming threats, perimeter security experts have been doubling up on their defense solutions, layering security from the very edge of their perimeter (firewalls, IPS, NGFW) to the deep core and asset point (endpoint software, application firewalls, etc.) of their IT infrastructure. This was done not only to prevent a breach, but also to buy time for organizations to respond to such attacks. As I described in my earlier blog, Defense-in-Depth is very much like a “Castle” approach to building your IT security infrastructure.

But, much like the castle illustrated here, building such defense mechanisms inadvertently creates chasms. Translated to the cyber realm, the chasms represent the response time between and during ongoing attacks.

Now, on the flip side of the coin, cyber warfare incorporates both offense and defense strategies. The offense approach is structured and labeled by the military (as most things are) as the Kill Chain. Simply put, the Kill Chain, from a military model perspective, includes the following:

  • Target identification
  • Force dispatch to target
  • Decision and order to attack the target
  • Destruction of the target

By adapting this structured approach, Lockheed Martin coined the term Cyber Kill Chain model. It is structured like Defense in Depth, yet it takes the opposing approach, which is to attack an IT infrastructure: the perspective of the hacker, if you will.

These steps include but are not limited to the following:

  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation
  • Command and Control
  • Actions on Objective

Today, attackers who have successfully penetrated classic Defense in Depth models have leveraged an adaptation of the Cyber Kill Chain. So what’s the delta? What do IT experts need to incorporate into their defense strategy to help mitigate such advanced attack approaches?

Defense in Depth with Intelligence

As discussed earlier, one of the biggest challenges with the classic Defense in Depth approach is the chasms that are inadvertently created. These chasms are essentially people, process, and product related.

In larger enterprises there are multiple IT departments, with various responsibilities regulated based on assets managed. Network engineers may not necessarily know or communicate with the security engineers. Although the aspiration is to ensure that the processes followed are global and relevant to all IT infrastructure touch points, in reality they are rarely followed. Lastly, products that are purchased and then deployed into the enterprise are usually incompatible with each other, resulting in differing log languages and management structures.

Although the people and process chasms are valid challenges that will need to be tackled, my responsibility as a product manager of the Network Security Products for SonicWall Security will be to ensure that the chasms of product compatibility with adjacent security technologies are closed. The initiatives launched with our Connected Security vision will help in understanding these challenges better, as we ourselves, being part of the SonicWall technology family, need to bring various disparate technologies together to build a solution that will work not only for our customers but for ourselves (at SonicWall).

One of the biggest challenges in, and approaches to, minimizing this divide is building a security communication framework in which all of our products can communicate using a common language. With this ability we would be able to make our products and other devices within our customers’ security infrastructure respond and alert intelligently, minimizing the intervals between the attack cycles incorporated in the Kill Chain model.

As we and our customers continue to shore up our security infrastructure for the next generation of cyberattacks, the existing Defense in Depth model will need to be adapted and upgraded with intelligence. With intelligence we will be helping our customers address the chasms within their castle.

SonicWall Staff