What Are The Different Layers of Cyber Security?
A detailed guide to help you fine-tune your security management strategy
With so many threats looming in the cyber space, focusing budget or attention on only one layer of security will not be enough to defend your entire organization.
Attacks do not always arrive in recognizable, virus-packed emails (though we certainly see phishing emails steal credentials often enough); they come in many forms. Some attacks stay buried in the environment or establish backdoors for the attacker to maintain control. Others more visibly wreak havoc on your web browser, systems, and networks.
In order to lay an effective foundation for your security management strategy, you must be aware of the different layers of cyber security and decide where to focus for your specific needs.
Below are some summary introductions to each.
Layers of Cyber Security
Network Security safeguards the computer network from intruders by monitoring and controlling the traffic on both incoming and outgoing connections. Network Security uses hardware and software technologies to keep internal networks and infrastructure safe, uncorrupted, functional, and free from unauthorized access. Some of these technologies include antivirus, anti-spyware, virtual private networks (VPN), intrusion prevention systems (IPS), encryption, extra logins, and firewalls.
Application Security is aimed at securing device applications and software by looking for vulnerabilities and hardening the software through the use of known-good code. For application security to be successful, it must start at the foundation. During the design and development phase, developers should follow the secure software development lifecycle (SDLC) and consider all measures and countermeasures against known exploits. To combat threats, application security uses techniques and solutions such as input parameter validation, session management, user authentication and authorization, application firewalls, antivirus checks, and encryption, to name a few.
Data Security focuses on the protection of data, ensuring confidentiality, integrity, and availability are well-maintained for data at rest, in use, and in transit. Data Loss Prevention (DLP) involves processes to effectively monitor information, keeping track of its location, classification, access control, and related activities through network permissions and data storage policies. It is also important to protect your data with properly defined encryption and data backup policies.
Website Security ensures that websites and their visitors are protected from malicious actors who may be attempting to steal data, phish for sensitive information, hijack sessions to launch malicious actions, redirect to unsecured sites, or send SEO spam to confuse visitors and lead them to malicious sites. Website Security also covers the protection of a website’s database, applications, source code and files, particularly from distributed denial of service (DDoS) attacks, malware, blacklisting, vulnerability exploits, and defacement. Some of the tools used to maintain website security include website scanning and malware removal, web application firewalls, and application security testing.
Operational Security (OPSEC) ensures that all processes and decisions, such as how to grant system and network access or where data should be stored, are well established. Taking the guesswork out of operational workflows prevents people from making bad decisions.
Cloud Security is focused on monitoring and protecting information and digital assets used and stored online via your cloud resource platforms. The most common technologies used to provide cloud security include firewalls, penetration testing, data obfuscation, tokenization, secure key management, VPNs, and avoiding public internet connections.
Endpoint Security is geared toward securing servers, workstations, and even mobile devices primarily by ensuring that any unauthorized access will be blocked from all entry points. Companies commonly use file integrity monitoring, antivirus, anti-spyware, and Identity and Access Management (IAM) to effectively manage and protect endpoints. Aside from using tools, endpoint security also involves educating all end users of the proper cyber hygiene in order to mitigate risks.
Disaster Recovery and Business Continuity covers planning and preparing for cyber security attacks or other types of unplanned incidents. A successful plan will outline the processes that an organization must follow in response to a crisis and the recovery strategies that it must employ to minimize losses. In the event of an incident, the top priorities are to prevent data loss and fix service outages. By creating regular backups of critical data and testing recovery plans, for example, many headaches can be avoided in the event of a ransomware incident. These policies must ensure that business operations will continue even after an attack and that working capacity will be reestablished.
Common Cyber Security Technologies and Solutions:
Across most of the layers of security stated above, one or more security controls (another term for protective technology) are used simultaneously to deliver stronger protection against malicious actors attempting to gain unauthorized access and exploit devices, systems, or networks. Some of the most common technologies and solutions include the following:
Antivirus/Anti-malware solutions scan computer systems for known threats or viruses based on predefined malware signatures. Aside from detecting threats, versions of this software may be able to inform users of the current health of their devices (patch levels) and remove any infection or harmful software. Modern antivirus solutions are also able to identify previously unknown threats based on malware behavior analysis rather than pre-identified signatures alone.
Encryption involves the encoding of data to render it unintelligible to unauthorized viewers. Simply put, the information is converted to a scrambled form using one of many algorithms (ciphers) to mask its true content and prevent it from being read if stolen. Encryption can be applied to data in transit (e.g., over HTTPS or through a Virtual Private Network) and to data at rest (e.g., on a server or on your phone when it is locked). Asymmetric encryption allows data to be safely shared and transmitted online to other trusted users.
Identity and Access Management (IAM) software solutions allow an organization to assign capabilities and provide access privileges to individual users. Moreover, these solutions use authentication services to control and track user access, ensuring that critical data and internal systems are not accessed by malicious (unauthorized) actors. Pay close attention to shared accounts, or local administrator accounts, which tend to be ripe targets for attack.
Data Loss Prevention (DLP) is usually employed to detect the status of the data being secured—whether it is being used, stored, or transmitted. DLP also includes policies on how to recover lost data. Access justification, change management, stringent file permissions, and blacklisting of common (but unauthorized) cloud storage applications all help prevent data exfiltration.
Firewalls are network security devices that seek to prevent unauthorized activity on a private network based on defined security rules. A firewall monitors both inbound and outbound network traffic, and its rules allow or deny the traffic before it reaches its destination.
Intrusion Detection Systems (IDS) are more granular than firewalls in that they monitor and detect malicious network activity based on a set of predefined signatures. If the organization has centralized logging, an IDS can immediately report any activity that matches these signatures to a security information and event management (SIEM) system.
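To make the firewall/IDS distinction concrete, here is an added example (not code from the article or from Blackpanda): a toy rule-based packet filter that decides on headers alone, followed by a signature-based IDS that inspects the payload of whatever the firewall allowed and emits SIEM-style alert records. The rules, signatures and traffic records are all constructed for illustration.

```python
# Added example, not from the article: a toy packet filter followed by a
# signature-based IDS, to show why the IDS is the finer-grained control.
# All rules, signatures and traffic records below are constructed.
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "direction src dst dport payload")

# Firewall rules: (direction, source network, dest port or None, action).
# Evaluated in order, first match wins; anything unmatched is denied.
FIREWALL_RULES = [
    ("inbound", "0.0.0.0/0", 443, "allow"),
    ("inbound", "10.0.0.0/8", 22, "allow"),
    ("outbound", "10.0.0.0/8", None, "allow"),
]

def firewall_decision(flow):
    src = ipaddress.ip_address(flow.src)
    for direction, net, port, action in FIREWALL_RULES:
        if (direction == flow.direction and src in ipaddress.ip_network(net)
                and (port is None or port == flow.dport)):
            return action
    return "deny"  # default deny: the firewall never inspects payloads

# IDS signatures: (name, severity, substring that must appear in the payload).
SIGNATURES = [
    ("http-path-traversal", "high", "../../"),
    ("outbound-plaintext-credential", "medium", "password="),
]

def ids_alerts(flow):
    """SIEM-style alert records for each signature the payload matches."""
    return [{"sig": name, "severity": sev, "src": flow.src, "dst": flow.dst}
            for name, sev, pattern in SIGNATURES if pattern in flow.payload]

def process(flows):
    """Run the firewall first, then the IDS on the traffic it allowed."""
    dropped, alerts = [], []
    for f in flows:
        if firewall_decision(f) == "deny":
            dropped.append(f)
        else:
            alerts.extend(ids_alerts(f))
    return dropped, alerts

SAMPLE = [  # constructed traffic: two HTTPS requests, an SSH probe, a POST
    Flow("inbound", "203.0.113.5", "10.1.1.10", 443, "GET /reports HTTP/1.1"),
    Flow("inbound", "203.0.113.5", "10.1.1.10", 443, "GET /files/../../secret.txt"),
    Flow("inbound", "203.0.113.5", "10.1.1.10", 22, ""),
    Flow("outbound", "10.1.1.20", "198.51.100.7", 80, "user=bob&password=hunter2"),
]
```

Running `process(SAMPLE)` drops only the SSH probe, while the two allowed flows with suspicious content are surfaced by the IDS as alerts the SIEM can correlate.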