What is Layered Security?

Defend Your Network With Layered Security: The 3 Main Elements of Layered Security

Layered security has long been a significant element of many organizations’ security strategy. In an IT context, layered security means protecting digital assets with several layers, each layer providing an additional defense. The goal is simple – to make it much harder for a hacker to get through a network perimeter and into a network. Even if a hacker managed to breach one layer of security, all the data and resources inside the network remain safely guarded by the other layers of security which are in place.

While the concept is easy to explain, it isn’t without its pitfalls – namely, layered security only focuses on protecting the network perimeter. More specifically, the layered security approach operates on the assumption that any individual who is within the network is, by definition, a trusted insider. As a result, once a hacker gets inside the network, there’s nothing stopping them from moving laterally throughout the network, accessing valuable data and resources. No matter how many layers of security protect the network perimeter, the network is vulnerable to malicious agents who get in.

This wasn’t as major an issue when employees worked from the office and both the software they used and the data it handled lived on the corporate network. The only way into the network was through the perimeter, so layered security was (mostly) good enough. However, as organizations increasingly move resources and apps to the cloud, leverage SaaS applications, and adopt remote work, this “network perimeter” has been altered beyond recognition. Rather than a simple moat around a castle where the treasures are kept, the virtual network perimeter comprises diverse access points, which hackers can penetrate in myriad ways. Some users work onsite, and others work from remote locations; some resources may be stored onsite, and others in the cloud. This creates new security challenges and complex access requirements.

Due to these changes, layered security is no longer considered to be the optimal security strategy that it once was. However, many individual elements of layered security are as important as ever and have been adapted, extended and combined with other strategies to better suit today’s ever-changing cybersecurity landscape.

Let’s find out more about layered security, and see how it is changing to support a comprehensive security strategy.


Layered security – the “heist” approach

Layered security is somewhat similar to the security approach portrayed in classic “heist movies,” where a team of burglars must get past obstacle after obstacle, each one providing its own challenge, before they finally manage to gain access to the valuable jewels and make off with them into the night. The first layer of security might be the locked doors and windows on the building’s exterior, while the second layer would be intrusion detection systems, such as the alarms on all of the doors and windows, which detect if someone manages to unlock the doors and get past that first layer. The guards inside the building represent yet another level of security, as do the video cameras monitoring the rooms. In addition, in the movies, there are fancy laser beam detectors surrounding the case where the jewels are kept, and then a final layer to get past – the motion detector that issues an alarm if the jewels are moved from their place. For the burglars to get their prize, it’s not enough to defeat one layer – they have to get past all of the many layers of security protecting the jewels.

Layered security is also known as ‘defense in depth’, a term borrowed from the military tactic of the same name. In a war, an army might choose to concentrate all of its forces along the front, so that it’s as well defended as possible. The danger is that if the enemy concentrates its forces and breaks through the front in one spot, there are no further defenses protecting the area behind. With defense in depth, some defensive resources – troops, fortifications, weapons – are held further back, so that if the front is breached, there are still troops and materiel available to stop the enemy advance. In the military context, even if a thinner first line makes the initial breach easier, the attacker is ultimately easier to stop, because their losses keep mounting with each further line they have to fight through on the way to the objective.

Another classic example of defense in depth is the “concentric castle” model. A castle may be protected by an outer wall, then a moat, then a higher and more heavily fortified inner wall.

In the IT environment, layered security provides defensive redundancy. If one layer of security fails, another layer keeps the system and its data secure. To get through to the data, a threat has to infiltrate every level of security.

The layered security approach typically involves three main types of security controls.
 

Administrative controls

Administrative controls consist of policies and procedures put in place by an organization to minimize vulnerabilities and to prevent users within the company from accessing information they are not authorized to access. Some layers of administrative controls could include:

  • Making sure that only current employees have user accounts, by putting a procedure in place to close an employee’s account on the network in the event that someone leaves the company.
  • Putting detailed policies and procedures in place to ensure that all employees take the mandated steps required to secure corporate data, especially sensitive data.
  • Implementing role-based access control, which enables employees to only access the actual data that they need to do their own jobs. See our article on access control for more information about different access control schemes.
  • Minimizing the use of privileged accounts, such as administrator accounts, and placing additional restrictions on their use.

 
Functions of Administrative Controls

Administrative controls form the backbone of an organization’s cybersecurity framework. They encompass the policies, procedures, and guidelines that shape security management within the company.

Here’s how they function and some key examples:

  • Policy Enforcement: Administrative controls enforce organizational policies regarding data access, security protocols, and user behavior.
  • User Access Management: They regulate who can access what within the network, often through role-based access control systems.
  • Training and Awareness: These controls include regular employee training on cybersecurity best practices and protocols.
  • Incident Response Planning: Administrative controls involve planning and executing response strategies for potential security breaches.

 

Examples of Administrative Controls:

  • Mandatory Security Training: Regular training sessions for employees to stay updated on the latest security threats and response tactics.
  • Regular Audits: Periodic audits of security practices and user activities to identify and rectify potential vulnerabilities, for example confirming that every active account still belongs to a current employee and that privileged accounts are restricted as policy requires.
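As an added example (not part of the original article), the following audit reconciles a directory export against the HR roster to catch the offboarding gap, unrestricted privileged accounts and dormant accounts described above; the roster, account records and thresholds are constructed for illustration.

```python
"""Added example: periodic account audit for administrative controls.
The HR roster, directory export and 90-day dormancy threshold are all
constructed values, not data from any real organization."""
from datetime import date

# Constructed HR roster of current employees (the source of truth for who
# should still have an account).
HR_ROSTER = {"alice", "bob", "dana"}

# Constructed directory export: account name -> attributes.
ACCOUNTS = {
    "alice": {"enabled": True, "privileged": False, "mfa": True,  "last_login": date(2024, 5, 20)},
    "bob":   {"enabled": True, "privileged": True,  "mfa": False, "last_login": date(2024, 5, 21)},
    "carol": {"enabled": True, "privileged": False, "mfa": True,  "last_login": date(2024, 1, 3)},
    "dana":  {"enabled": True, "privileged": True,  "mfa": True,  "last_login": date(2023, 11, 1)},
    "erin":  {"enabled": False, "privileged": True, "mfa": False, "last_login": date(2023, 6, 1)},
}


def audit_accounts(accounts, roster, today, dormant_days=90):
    """Return {account: [issues]} for every enabled account with at least one
    finding. Disabled accounts are skipped: they are already offboarded."""
    findings = {}
    for name, attrs in accounts.items():
        if not attrs["enabled"]:
            continue
        issues = []
        # Offboarding gap: an enabled account with no matching employee.
        if name not in roster:
            issues.append("not on HR roster: disable (offboarding gap)")
        # Privileged accounts need the extra restriction of MFA.
        if attrs["privileged"] and not attrs["mfa"]:
            issues.append("privileged account without MFA")
        # Dormant accounts are a sign of a missed leaver or a stale role.
        idle = (today - attrs["last_login"]).days
        if idle > dormant_days:
            issues.append(f"dormant for {idle} days")
        if issues:
            findings[name] = issues
    return findings


# Run the audit as of a constructed review date.
FINDINGS = audit_accounts(ACCOUNTS, HR_ROSTER, date(2024, 5, 22))

if __name__ == "__main__":
    for account, issues in FINDINGS.items():
        print(account, "->", "; ".join(issues))
```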

 

Physical controls

Physical controls are another crucial aspect of the layered approach. These include anything that prevents actual physical access to the IT system. For example:

  • Physical doors with locks in any area with computer equipment.
  • Fingerprint scanners for access to areas with computer equipment, and/or for logging into the system.
  • CCTV footage as a deterrent and to alert security to any possible intrusion.
  • Security guards to monitor the area.
  • Gates to prevent easy access to the site.

Layers of physical controls could be the types of things described in the heist movie example – the multiple layers of protection that prevent the burglars from gaining access to the jewels.

 

Functions of Physical Controls

Physical controls involve measures taken to secure the physical environment where the technology operates.

Primary functions include:

  • Access Restriction: Physical controls limit physical access to critical infrastructure and hardware.
  • Surveillance and Monitoring: They provide surveillance of premises to detect and deter unauthorized access.
  • Environmental Controls: These controls protect equipment from environmental threats like fire, water damage, or power outages.

 

Examples of Physical Controls:

  • Smart Card Access Control: Utilizing smart cards that store and process information, which employees must use to gain access to restricted areas. These cards can be programmed with specific access rights and are more secure than traditional key systems.
  • Physical Intrusion Detection Systems: Installing advanced intrusion detection systems such as infrared motion detectors, glass break sensors, and door contact sensors to alert security personnel of any unauthorized entry attempts.
  • Security Bollards and Barriers: Implementing physical barriers such as retractable bollards or vehicle access control barriers around critical facilities. These measures are particularly effective in preventing unauthorized vehicle access while allowing pedestrian movement.

 

Technical controls

These controls include software- and hardware-based information security solutions that prevent unauthorized access to the IT network. A combination of different hardware and software solutions provides the best protection from a wide array of cyber threats. Layers of technical controls could include the following:

 

Securing authorization

  • Requiring users to use strong passwords that are difficult to guess or crack using password cracking tools.
  • Two-factor or multi-factor authentication (2FA/MFA) to further verify the user’s identity by requiring a second factor, such as a code from a separate device, to log in.
  • Biometric authentication to ensure a user’s identity through the use of facial recognition or fingerprint scanning, for example.

 

Preventing infections from malware and similar threats

  • The first layer might be from the administrative realm – educating users not to click on suspicious links on the web, or open suspicious files that are sent to them by email.
  • The next layer could be conventional detection-based anti-virus and anti-malware software.
  • An additional layer would be adding Remote Browser Isolation, so that if a user did click through to an infected site, damage would be contained away from the endpoint machine.

 

Data security

  • Securing the network behind a firewall, which can be implemented as either a hardware or software solution, depending on the network infrastructure.
  • Encrypting data servers, to protect data even if a bad actor manages to access the server.
  • Encrypting emails as an additional layer, to prevent information sent via email from being intercepted and compromised by an unknown third party.
  • Following best practices for remote access can be an additional layer of protection that closes a vulnerability often exploited by hackers.

 

Functions of Technical Controls

Technical controls are the technological tools and strategies that defend against cyber threats and secure a company’s digital assets. They play a pivotal role in safeguarding information technology systems.

Their main functions include:

  • Network Security: Technical controls safeguard the network from unauthorized access and cyber threats.
  • Data Encryption: They ensure that data, both at rest and in transit, is encrypted and secure.
  • Intrusion Detection and Prevention: Monitoring network traffic to detect and prevent unauthorized access or anomalies.

 

Examples of Technical Controls:

  • Firewalls: Utilizing firewalls to monitor and control incoming and outgoing network traffic based on predetermined security rules.
  • Antivirus Software: Deployment of antivirus software to protect against malware and other cyber threats.

 


Cloud Controls

Cloud controls are specialized measures designed to secure data and applications in cloud environments, especially vital in work-from-home (WFH) setups. These controls ensure remote workers safely access cloud resources without compromising the organization’s security.

Here’s a closer look at cloud controls and their significance in a WFH context:

  • Cloud-Based Identity and Access Management: Implementing cloud-native identity solutions to ensure that only authorized personnel can access cloud resources.
  • Remote Work Policies and Procedures: Establishing guidelines for securely accessing cloud services from remote locations.
  • Data Encryption in Transit and at Rest: Ensuring that data stored in the cloud and transmitted over the internet is fully encrypted.
  • Regular Security Audits of Cloud Services: Conducting periodic audits to assess the security posture of cloud services and address any vulnerabilities.

 

Functions of Cloud Controls

Cloud controls play a crucial role in the modern security landscape, especially with the rise of remote work. They provide a secure framework for accessing and managing cloud-based resources.

Here’s how they function:

  • Secure Access Control: Cloud controls include mechanisms to tightly manage who can access cloud-based resources, crucial for remote teams.
  • Data Protection: These controls ensure that data stored or processed in the cloud is protected against unauthorized access and breaches.
  • Monitoring and Compliance: Constant monitoring of cloud services and ensuring compliance with data security regulations and standards.

 

Examples of Cloud Controls:

  • Cloud Access Security Brokers (CASBs): Tools sitting between cloud service users and cloud applications to monitor activity and enforce security policies.
  • Virtual Private Network (VPN) for Secure Connectivity: Using VPNs to create a secure connection for remote employees to access cloud services.
  • Endpoint Security Solutions: Deploying security software on remote devices to protect against threats and ensure secure access to cloud resources.
  • Multi-Factor Authentication (MFA) for Cloud Services: Requiring additional authentication steps for accessing cloud resources, enhancing security for remote workers.

 

Adapting layered security for a zero-trust approach

The three types of controls described above are designed to provide protection at the network perimeter. As mentioned previously, perimeter-based network security is no longer adequate, as organization resources are today distributed among internal servers, private clouds, public clouds and the web. With users accessing resources from many locations, the number of entry points into organization networks has grown enormously. It is easier for hackers to breach the network perimeter, and once in, they are able to move through the network and access all resources and data. So, instead of focusing on controls at the perimeter, organizations are looking towards the new gold standard of network security, the zero-trust approach, to combat this problem.

With the zero-trust approach, microsegmentation is used together with identity and access controls to prevent individual resources from being accessed by hackers and malicious insiders alike. Least-privilege access ensures that users can only access the specific data and apps they need, and once inside the network, they are no longer able to move freely through it. At every ‘microperimeter’ that surrounds data, resources, and apps, whether on premises or in the cloud, security controls are in place, and the user must re-authenticate before gaining access. So, in effect, today’s perimeters are one-to-one, enabling specific users to access only their permitted individual resources, as opposed to one large perimeter surrounding the entire network.

The layered security approach has evolved and transformed in response to the adoption of zero-trust. Many of the controls described above, as part of traditional perimeter-based layered security, have been adapted, broadened and integrated to suit the needs of today’s complex networks, and remain an important part of general security strategy.

Administrative controls, such as role-based access control, are very much a part of securing the microperimeters of apps and network resources. In the case of zero-trust, granular access controls grant access to individual resources, as opposed to larger areas of the network.

Physical controls remain as important as ever. As long as companies have their own physical resources, there is still a need to protect them from unauthorized physical access.

Technical controls also include many solutions that are now leveraged as part of a more detailed approach, and focus on sealing gaps within the network and between resources in the network, instead of focusing on protecting the full network perimeter. Multi-factor authentication remains crucial, and is used to protect each microperimeter. Especially relevant for remote workers, MFA allows for secure user identification from any location.

Layered security was once the primary approach to protecting networks. This approach is no longer sufficient, and security teams now depend on zero-trust models that provide better protection for today’s complex and dynamic networks. Along with sophisticated new controls designed for cloud-based security, the legacy controls that were previously deployed as part of a layered security approach have been updated and integrated into zero-trust platforms, to protect distributed networks and resources, in tune with the modern, granular approach to access and authentication.
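The contrast drawn above, between trusting anyone who is already inside the perimeter and re-checking identity, MFA freshness, role and device at every microperimeter, can be shown as a small policy evaluation. This is an added example, not code from the original article or any product; the resources, roles, policy values and requests are all constructed.

```python
"""Added example: perimeter-only trust versus per-resource (microperimeter)
checks. Every resource, role, threshold and request here is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset          # roles granted to the user (RBAC)
    inside_network: bool      # is the request coming from inside the perimeter?
    mfa_age_minutes: int      # minutes since the user last completed MFA
    device_compliant: bool    # is the device managed and up to date?
    resource: str


# Constructed per-resource policy: the roles that may reach the resource, how
# fresh MFA must be at this microperimeter, and whether a managed device is
# required. Least privilege means each resource lists only the roles it needs.
POLICY = {
    "hr-db":      {"roles": {"hr"},                 "mfa_max_age": 15,  "managed_device": True},
    "wiki":       {"roles": {"hr", "eng", "sales"}, "mfa_max_age": 480, "managed_device": False},
    "prod-admin": {"roles": {"sre"},                "mfa_max_age": 5,   "managed_device": True},
}


def perimeter_only(req: Request) -> bool:
    """Classic model: whoever is already inside the network is trusted."""
    return req.inside_network


def microperimeter(req: Request) -> tuple:
    """Zero-trust model: the resource itself re-checks every request.
    Returns (allowed, reason) so a denial can be logged and investigated."""
    policy = POLICY.get(req.resource)
    if policy is None:
        return False, "unknown resource: default deny"
    if not (req.roles & policy["roles"]):
        return False, "role not permitted (least privilege)"
    if req.mfa_age_minutes > policy["mfa_max_age"]:
        return False, "re-authentication required at this microperimeter"
    if policy["managed_device"] and not req.device_compliant:
        return False, "device not compliant"
    return True, "allowed"


# Constructed scenarios: a sales user whose laptop has been phished and now
# sits inside the network, and an HR user working remotely on a managed device.
COMPROMISED_SALES = Request("sales01", frozenset({"sales"}), True, 600, False, "hr-db")
REMOTE_HR = Request("hr07", frozenset({"hr"}), False, 3, True, "hr-db")
STALE_MFA_HR = Request("hr07", frozenset({"hr"}), True, 60, True, "hr-db")

if __name__ == "__main__":
    for req in (COMPROMISED_SALES, REMOTE_HR, STALE_MFA_HR):
        print(req.user, req.resource, "perimeter:", perimeter_only(req), "zero-trust:", microperimeter(req))
```

The phished sales machine is waved through by the perimeter model but stopped at the HR database by the role check, while the remote HR user, who would be blocked by a perimeter that only trusts insiders, is admitted once identity, MFA freshness and device state all pass.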
