Multi-Layer Security Strategy: 5 Most Integral Parts
Want to enhance your multi-layer security strategy?
No security strategy has just one layer, and if it does, it probably isn't very effective. You wouldn't protect your entire business with a single consumer-grade antivirus program, and if you did, you'd deserve what was coming to you. (The 2013 Target breach is the standard cautionary tale: the attackers came in through a third-party vendor's credentials, the malware alerts that did fire were not acted on, and nothing behind them stopped the card data from leaving. Cost: well over a hundred million dollars and a CEO who resigned.)
Multi-layer security means that you have multiple security controls protecting each part of your organization: endpoint security on workstations and servers, firewalls at the perimeter, a SIEM that collects and correlates the logs those tools produce so an alert from one layer can be checked against the others, plus IAM, DLP, IDS/IPS and so on.
A multi-layer security strategy, a.k.a. defense in depth, starts from the assumption that any single control can and will be bypassed. Don't be alarmed, but you've probably been breached already. What the layers buy you is that an attacker who is past the firewall is still being watched by the IDS and still has segmentation boundaries to cross before reaching anything valuable. One failure should not put your data in jeopardy; it should take several failures in sequence.
Here's the thing: multiple failures aren't occasional, they're frequent. Otherwise breaches wouldn't be reported every day. So while it's likely that you're already using some form of multi-layer strategy, it's equally likely that you aren't using enough layers, that the layers you have aren't being maintained (stale rules, unpatched appliances, alerts nobody reads), or that an essential layer is missing altogether.
What does a multi-layer security strategy look like in its ideal form?
1. Network Security
You need to know who and what is trying to connect to your network. A firewall blocks connections you have already decided are bad, such as traffic to or from IP addresses associated with malware, but attackers change infrastructure constantly, so a block list is always behind, and the deeper the inspection you add to close that gap, the more it slows traffic down.
An IDS adds a layer by inspecting packets as they cross your perimeter. Unlike a firewall or an inline IPS, an IDS watches a copy of the traffic and never drops anything, so legitimate traffic keeps moving and a false positive costs an analyst's time rather than an outage. Suspicious activity is flagged for your SOC to investigate, which only adds protection if someone actually reads the alerts.
Finally, network segmentation splits the internal network into zones (for example user workstations, the DMZ, and the database tier) and permits only the flows between zones that the business needs. Even if an attacker gets through your firewall and IDS, they land in one zone and have to cross additional filtered boundaries, usually by stealing more credentials, to reach the data they want. Every crossing is another place to log, alert and block.
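To make the three controls concrete, here is an added example (not code from the article) that applies them in order to a handful of constructed connection records: a firewall that drops by source address, an IDS that only flags, and a zone policy that refuses any flow segmentation does not explicitly allow. The addresses, zones, signatures and the allowed-flow table are all assumptions made up for the demonstration.

```python
"""Added example: three network-layer controls applied in sequence.
All addresses, zones and signatures below are constructed for the demo."""
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Connection:
    src: str          # source IP
    dst: str          # destination IP
    dport: int        # destination port
    payload: bytes = b""


# Layer 1: firewall. Drops by known-bad source address (TEST-NET-3, constructed).
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]


def firewall_allows(conn: Connection) -> bool:
    src = ipaddress.ip_address(conn.src)
    return not any(src in net for net in BLOCKLIST)


# Layer 2: IDS. Inspects payload content and flags matches; it never drops.
IDS_SIGNATURES = {
    "sqli-union": re.compile(rb"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(rb"\.\./\.\./"),
}


def ids_alerts(conn: Connection) -> list:
    return [name for name, pat in IDS_SIGNATURES.items() if pat.search(conn.payload)]


# Layer 3: segmentation. Internal zones and the only flows the business allows.
ZONES = {
    "dmz": ipaddress.ip_network("10.0.1.0/24"),
    "corp": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
}
ALLOWED_FLOWS = {
    ("internet", "dmz", 443),   # public web front end
    ("corp", "dmz", 443),       # staff use the same front end
    ("dmz", "db", 5432),        # web tier talks to the database
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def segmentation_allows(conn: Connection) -> bool:
    return (zone_of(conn.src), zone_of(conn.dst), conn.dport) in ALLOWED_FLOWS


def evaluate(conn: Connection) -> tuple:
    """Run the layers in order. Returns (verdict, ids_alerts)."""
    if not firewall_allows(conn):
        return "dropped-by-firewall", []
    alerts = ids_alerts(conn)   # the IDS sees everything the firewall lets through
    if not segmentation_allows(conn):
        return "dropped-by-segmentation", alerts
    return "allowed", alerts


if __name__ == "__main__":
    samples = [
        Connection("203.0.113.5", "10.0.1.10", 443, b"GET / HTTP/1.1"),
        Connection("198.51.100.7", "10.0.1.10", 443,
                   b"GET /?id=1 UNION SELECT user,pass FROM users"),
        Connection("10.0.1.10", "10.0.2.20", 445),          # DMZ host reaching into corp
        Connection("10.0.1.10", "10.0.3.30", 5432, b"SELECT 1"),
    ]
    for c in samples:
        print(c.src, "->", c.dst, c.dport, evaluate(c))
```

Note what the second sample shows: the injection attempt is allowed through, because an IDS only alerts, and the web tier is an allowed destination. That alert is the SOC's cue, and the third sample is what segmentation does when the web tier is later used as a pivot toward corp.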
2. Endpoint Security
An endpoint is generally a user's workstation or laptop, but the term covers servers as well. Endpoints are particularly prone to compromise because they're operated directly by humans, and humans are easy to fool.
You're probably familiar with antivirus as it relates to endpoint security. Classic antivirus scans files for signatures, typically hashes or byte patterns of known malware, which means a sample only has to be changed slightly to slip past it. More advanced enterprise products add behavioral detection and machine-learning models that look at what a file or process does, and at properties such as packing and entropy, rather than at an exact match.
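The difference between the two approaches, as an added example rather than anything from the article: an exact-hash signature catches the known sample, a one-byte mutation of the same sample walks straight past it, and a simple entropy heuristic (an assumed rule, not a real product's logic) catches a packed-looking executable it has never seen. The "known bad" sample is the EICAR test string, which is harmless by design.

```python
"""Added example: hash-signature scanning beside a simple heuristic.
The known-bad sample is the EICAR test string; the threshold is an assumption."""
import hashlib
import math
from collections import Counter

# EICAR anti-malware test file: harmless by design, detected by every AV.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Signature database: exact SHA-256 of known samples (built from the sample here).
SIGNATURES = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random (packed/encrypted); text is about 4 to 5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan(data: bytes, entropy_threshold: float = 7.0) -> tuple:
    """Returns (method, label). Signature first, then heuristic, else clean."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in SIGNATURES:
        return "signature", SIGNATURES[digest]
    ent = shannon_entropy(data)
    # Heuristic (assumed rule): a PE header followed by near-random bytes looks packed.
    if data[:2] == b"MZ" and ent > entropy_threshold:
        return "heuristic", f"packed executable (entropy {ent:.2f})"
    return "clean", None


def mutate(sample: bytes) -> bytes:
    """Flip one bit of the last byte: enough to defeat an exact-hash signature."""
    return sample[:-1] + bytes([sample[-1] ^ 0x01])


if __name__ == "__main__":
    print(scan(EICAR))                              # caught by signature
    print(scan(mutate(EICAR)))                      # missed: hash no longer matches
    print(scan(b"MZ" + bytes(range(256)) * 8))      # caught by the entropy heuristic
    print(scan(b"MZ" + b"hello world " * 50))       # low entropy, clean
```

Real products combine many such heuristics with behavioral telemetry from the running process; the point here is only that a property-based check survives trivial edits that defeat an exact match, at the price of possible false positives (legitimately packed installers also have high entropy).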
Browsers are a huge vector for infections on endpoints. Isolated browsing runs the user's browser inside a virtual machine or container. If the browser is hit by a drive-by download or an exploit, the malicious payload executes inside the disposable VM rather than on the host or the network, and the VM is thrown away afterward. This contains a browser compromise; it does nothing if the user then types their password into a phishing page.
3. Application Security
If your organization relies heavily on SaaS applications, application security, rather than firewalls or antivirus, may be your most important line of defense. Responsibility is shared: the vendor secures the application and the infrastructure it runs on, but your user identities, access configuration and data are yours to protect, so your main job is keeping attackers from logging in with stolen or guessed passwords.
The most effective thing you can do to secure application logins is to implement two-factor or multi-factor authentication. This requires a second piece of evidence alongside the password: usually a one-time code from an authenticator app, a push prompt, a hardware security key, or, weakest of the options, a one-time code sent to the user's phone by SMS.
SMS-based 2FA has been shown to be less effective than the other forms (SIM swapping and message interception are practical attacks), but Google's 2019 account-security research found that even SMS codes blocked 100 percent of automated bot attacks and 76 percent of targeted attacks.
Although 2FA or MFA is the single most effective defense against credential attacks, strong access policies make it more effective still. Mandating strong, unique passwords is one; the principle of least privilege is another. In other words, every employee should have access only to the applications and data stores necessary to do their job, so that a compromised account yields as little as possible.
4. Data Security
Your own users create exposure even apart from their propensity to run malware on their own desktops. You only have to look at the huge number of HIPAA and PCI breaches in which users emailed sensitive records outside the organization in plain text.
Whether by accident, through a malicious insider, or via an attacker who has taken over a mailbox, email is a primary channel for sensitive information to escape your organization. Fortunately, there are a few ways to put a stop to this.
First, you can implement data loss prevention (DLP). A DLP filter inspects outgoing mail, body and attachments, for data that resembles SSNs, credit card numbers and similar identifiers, and blocks or quarantines the message so that information can never leave in plain text. A good filter validates its matches (a sixteen-digit string that fails the Luhn check is probably an order number, not a card) to keep false positives down, and it needs a rule for encrypted attachments, which it cannot read.
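A minimal version of that filter, as an added example that is not from the article or any DLP product: regular expressions find SSN-shaped and card-shaped strings, card candidates are validated with the Luhn check so order numbers don't trip the rule, findings are masked before they are logged (the DLP log must not become a second copy of the data), and the message is blocked only when it is addressed outside the organization. The sample message, the internal domain and the decision rule are constructed for the demonstration.

```python
"""Added example: a DLP content filter for outgoing mail. Finds SSN- and
card-shaped strings, validates card candidates with Luhn, masks, and decides."""
import re

# Candidate patterns. The SSN rule excludes area 000/666/900-999, group 00 and serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by spaces or dashes (the range of PAN lengths).
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(number: str) -> bool:
    """Luhn mod-10 check; drops candidates that merely look like card numbers."""
    digits = [int(ch) for ch in number if ch.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> list:
    """Returns [(kind, match)] for every SSN and every Luhn-valid card number found."""
    findings = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    findings += [("card", m.group()) for m in CARD_RE.finditer(text) if luhn_ok(m.group())]
    return findings


def mask(value: str) -> str:
    """Keep only the last four digits, for the DLP log itself."""
    digits = "".join(ch for ch in value if ch.isdigit())
    return "*" * (len(digits) - 4) + digits[-4:]


def dlp_decision(subject: str, body: str, recipients: list, internal_domain: str) -> dict:
    """Block plain-text mail leaving the organization that carries sensitive data."""
    external = [r for r in recipients if not r.lower().endswith("@" + internal_domain)]
    findings = find_sensitive(subject + "\n" + body)
    action = "block" if findings and external else "allow"
    return {"action": action, "external_recipients": external,
            "findings": [(kind, mask(value)) for kind, value in findings]}


# Constructed test message (not real data; 4111... is the well-known Visa test PAN).
SAMPLE_BODY = """Hi, the patient file you asked for:
SSN 123-45-6789, card on file 4111 1111 1111 1111.
Internal order ref 1234567890123456 (not a card).
"""

if __name__ == "__main__":
    print(dlp_decision("records", SAMPLE_BODY, ["bob@example.org"], "corp.example"))
    print(dlp_decision("records", SAMPLE_BODY, ["alice@corp.example"], "corp.example"))
```

The order reference in the sample is sixteen digits but fails Luhn, so it is not reported, while the test PAN is. A production filter would also open attachments (PDF, spreadsheets, archives) and quarantine anything it cannot parse.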
Meanwhile, you can use encryption and access policies to make sure that only authorized recipients can open the emails you send. Transport encryption (TLS between mail servers) protects a message in transit; end-to-end encryption such as S/MIME or PGP also protects it at rest, so an attacker who gets into a vendor's inbox still cannot read it.
5. Physical Security
Never underestimate the power of an attacker dressed as a FedEx guy. If you don't keep track of the people entering and leaving your building, you're putting yourself at risk. It's incredibly easy for an unmonitored guest to conduct espionage: plugging a malicious USB device into a desktop, walking into the server room, or photographing papers left on an unattended desk.
You want to keep track of everyone who enters or leaves your building while adding more rigorous protections for sensitive areas. Visitors should never wander the building unaccompanied, and employees should feel free to challenge strangers who aren't wearing a badge or lanyard. Your server room or data center needs stronger access control than a badge alone, such as a badge plus PIN or biometric, and an access log that someone actually reviews.
Putting it All Together
When you combine multiple layers of security, you block diverse methods of compromise. Attackers who don't get through using one method will probably try another. If you block them at multiple points, they'll probably give up (hackers can be lazy like that). Even an exceptionally savvy attacker is more exposed to discovery when they have to breach several safeguarded areas of the target organization in turn, because each layer is another chance to log and alert.
Even if you don’t think you have the budget or the manpower to attempt a full multi-layer security implementation, a few layers are better than none. Our advice is to speak with a security professional who can help you understand what your primary weaknesses are, and then invest strategically to set up as many layers as possible.
Opinions expressed by DZone contributors are their own.