Section 6.2 Layered Security
The diagram displays a stacked representation of a layered security approach, commonly known as defense in depth. It consists of six horizontal rectangular blocks, each denoting a specific layer of security.
The layers are numbered and labeled as follows from the base upwards: Layer 0 is "Operating System." Layer 1 is "Antivirus." Layer 2 is "Antimalware." Layer 3 is "Firewall." Layer 4 is "Intrusion Detection System." Layer 5, at the top, is "Human Monitoring." This visualization demonstrates how multiple security measures are combined to provide comprehensive protection.
Given that a single security solution is never 100% effective, it makes sense to approach security in layers and use multiple systems. There is often a lot of overlap between solutions, and while that may seem inefficient in other fields, in cybersecurity we consider it a benefit. By using multiple solutions, an approach sometimes referred to as multi-layered security or defense in depth, you can build more robust protection against breaches.
Let’s take a look at an example to see how layered security can help mitigate the effects of a real-world attack. Assume a SOC is supporting a web application on self-hosted machines. A malicious actor wishes to exfiltrate data from the web application. They begin by testing whether several different SQL injection attacks yield any results.
A well-designed web application should sanitize its inputs and may prevent the queries from reaching the database. Similarly, an alert team may notice a sudden uptick in SQL queries, far beyond the usual baseline for the application. An IDS (Intrusion Detection System) may flag the queries as known SQL injection attacks. Assuming the attack makes it past the application, the team, and the IDS, it is possible that the database user is configured according to the principle of least privilege, and the queries will not be executed due to a lack of permissions.
As you can see, any one of these layers may fail, but by having multiple layers the chance of an attack succeeding is greatly diminished.
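As an added illustration of the layers in this example (not part of the original text), the following Python stands in for the web application's query handling, the team's query-rate baseline, and the least-privilege database account; SQLite's authorizer hook is used in place of real database permissions, and the table, names and thresholds are constructed.

```python
import sqlite3
# Constructed in-memory sample database (not any real system's data).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret-a"), ("bob", "s3cret-b")])
    return conn

# Application layer, weak form: the input is spliced into the SQL text,
# so a crafted value can change the structure of the query.
def lookup_vulnerable(conn, name):
    return conn.execute(
        f"SELECT name FROM users WHERE name = '{name}'").fetchall()

# Application layer, hardened form: the value is bound as a parameter
# and is never parsed as SQL, whatever characters it contains.
def lookup_safe(conn, name):
    return conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,)).fetchall()

# Monitoring layer: indexes of time windows whose query count is far
# above the baseline the team expects for this application.
def rate_alerts(counts, baseline, factor=3):
    return [i for i, c in enumerate(counts) if c > baseline * factor]

# Least-privilege layer: an SQLite authorizer standing in for a database
# account that may only read users.name; every other access is refused.
def least_privilege(action, table, column, dbname, source):
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and (table, column) == ("users", "name"):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def exfil_blocked(name):
    """Run the weak lookup as the restricted account; True if SQLite refuses."""
    restricted = make_db()
    restricted.set_authorizer(least_privilege)
    try:
        lookup_vulnerable(restricted, name)
        return False
    except sqlite3.DatabaseError:  # SQLite reports "not authorized"
        return True

if __name__ == "__main__":
    probe = "x' OR '1'='1"  # textbook tautology probe
    print(lookup_vulnerable(make_db(), probe), lookup_safe(make_db(), probe))
    print(rate_alerts([10, 12, 11, 90], baseline=11))
    print(exfil_blocked("x' UNION SELECT secret FROM users --"))
```

The weak lookup returns every row for the probe while the parameterised one returns none, and the restricted account refuses the probe that tries to read the secret column even though the query text itself is injectable.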