Shallow Defense In Depth

Are More Security Controls Really Making You More Secure?

The average enterprise uses 75 security products just to secure their network. Organizations mistakenly believe that layered security controls help them achieve a defense-in-depth strategy that will keep their systems safe. They think that when an attack breaches one control, another one will certainly fend off the attack. Of course, the thought continues that the more security controls you have, the deeper your defense in depth is, meaning that there’s a greater likelihood of preventing a breach.

Endpoint protection started back in the 1980s with traditional antivirus and has since morphed into product-laden suites claiming to offer complete protection. Do they really? I doubt it, since a SANS survey shows that 53% of organizations have experienced an endpoint compromise within the last two years. According to Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview, organizations face a 27.7 percent likelihood of a recurring material breach over the next two years, where a material breach is defined as one involving a minimum of 1,000 lost or stolen records containing personal information about consumers or customers.

Why Isn’t Adding More Security Controls Working?

Additional security layers aren’t working because they are providing shallow defense in depth. For effective defense in depth, each layer needs to do something fundamentally different. Here’s a quick look at why this is true.

Most components of today’s endpoint protection suites, such as antivirus, next-generation antivirus, host intrusion prevention systems and data loss prevention, are based on the negative security model: they attempt to hunt down what is “bad” and allow everything else. They often miss new, never-before-seen and fileless malware threats, since in some form or fashion they rely on known malware for detection and prevention. If malware evades one security control in the suite, it will most likely evade all the other controls, since they are based on the exact same security model.

How Can You Achieve True Defense In Depth?

True defense in depth is possible. It begins by adding a preventative security control that doesn’t depend on the detection of threats. You can’t stop malware, but you can stop the damage it intends to cause. Here are a few additional things you should look for when extending your defense:

  • Low management overhead, which matters for organizations with limited security staff, and most have limited staff.
  • Lightweight deployment with no resource-draining activity on endpoints, so that performance is not degraded.
  • Little friction when deployed widely in the workplace, to avoid a poor user experience.
  • A low number of false positives, so that security staff don’t have to invest their valuable time in wild goose chases.

Learn more >> Check out this white paper, Is Your Endpoint Security Strategy Too Negative?, to learn the value of complementing your endpoint security with a preventative security control based on the positive security model.

Rene Kolga
Rene Kolga is Senior Director of Product and Marketing at Nyotron, the developer of PARANOID, the industry’s first OS-Centric Positive Security solution to strengthen your AV or NGAV protection. By mapping legitimate operating system behavior, PARANOID understands all the normative ways that may lead to damage and is completely agnostic to threats and attack vectors. When an attack attempts to delete, exfiltrate or encrypt files (among other things), PARANOID blocks them in real-time.
