Layered Security Model
Companies, network administrators and IT personnel often suffer from the illusion that a single security solution can adequately protect their entire IT investment. If you need any further convincing, just look at the headlines announcing how network breaches of well-known and obscure organizations have led to financial calamities and ruined reputations.
Understanding Layered Security
Hackers no longer rely on a single method to penetrate networks. Just as technology has evolved, so too have hacking tools, which now seek multiple routes to attack a network’s infrastructure. To fight these multi-pronged attacks, companies also need a multi-dimensional (or “layered”) approach to securing their network and data assets.
The idea driving layered security is that multiple strategies are better suited than a single solution when it comes to protecting a network from a broad range of attacks. With a layered approach, a weakness or flaw that exists in one layer can be compensated for by the protection delivered by another layer.
A virus that gets past a company’s antivirus software, for example, will be stopped by a firewall application. But if the virus penetrates the firewall, it will be stopped by the anti-malware application running on the workstation. But if the virus runs on the workstation, its anomalous behavior will be flagged as suspicious or unexpected by the company’s intrusion-prevention system and the virus will be quarantined. In this way, layered security is designed to thwart, impede or stop the threat until the threat can be squashed.
Layered Security Models
While all layered security models protect networks using multiple security measures, their approaches can differ significantly. Some models address protection at the system, network or application level. Other models deal with security at the transmission level by focusing on data in use instead of data at rest.
Before you commit to a solution, be sure it addresses your security concerns. For example, a company seeking to protect its network devices and operating systems can open up a myriad of security vulnerabilities in its environment by selecting a solution that focuses primarily on hardware, protocols and applications.
The following are brief descriptions of the layers addressed by various layered security models.
- Antivirus – Antivirus applications protect the network against viruses and malware programs. Nearly all companies have some form of antivirus application, either out of due diligence or to conform with regulatory compliance requirements. Companies should avoid antivirus applications that can slow network performance, especially when performing on-demand scans. And while detection rates have improved over the years, no single program can be expected to catch every virus and malware threat. For this reason, it is important for companies to identify the threats of most concern and then select an antivirus application that addresses those threats. It is also critical to keep antivirus signatures up to date to ensure that networks are protected against the most recent threats.
- Firewalls – Hardware or software devices located between your network and an outside network such as the Internet. A firewall protects a network from attack by examining traffic coming into and leaving the network, and flagging any suspicious data packets that could pose a threat to the network. While a firewall can protect a network from attacks by outsiders, it cannot protect against attacks that bypass the firewall, such as when a proxy unknown to the firewall is used to tap into the network. Firewalls also have no power over threats originating inside a company, such as when careless employees share passwords or disgruntled workers leak or destroy sensitive data.
- Trusted applications – Companies should limit the software running on servers and workstations to trusted software applications from reliable sources. Unknown executable files should be quarantined from production environments until their veracity can be confirmed.
- Network Access Control – Hardware and software products that permit trusted devices to access network resources by ensuring they comply with a company’s security policy.
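The trusted-applications layer described above can be enforced with a hash allowlist that moves anything unrecognized out of the production path. This is an added example, not code from the original page or from any vendor product; the directory names, file names and the `enforce_allowlist` function are hypothetical, and the sample files are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def enforce_allowlist(scan_dir: Path, quarantine_dir: Path, trusted: set[str]) -> dict:
    """Leave files whose hash is trusted; move everything else to quarantine."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    report = {"trusted": [], "quarantined": []}
    for item in sorted(scan_dir.iterdir()):
        if not item.is_file() or item.is_symlink():
            continue  # skip directories and symlinks
        file_hash = sha256_of(item)
        if file_hash in trusted:
            report["trusted"].append(item.name)
            continue
        # Prefix with the hash so two unknown files with one name do not collide
        target = quarantine_dir / f"{file_hash[:16]}_{item.name}"
        shutil.move(str(item), str(target))
        target.chmod(0o400)  # read-only, no execute bit, while under review
        report["quarantined"].append(item.name)
    return report


def demo() -> dict:
    """Constructed sample: one approved binary, one unknown, one altered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        apps, quarantine = Path(tmp, "apps"), Path(tmp, "quarantine")
        apps.mkdir()
        approved = b"constructed bytes standing in for an approved build"
        (apps / "backup_agent").write_bytes(approved)
        (apps / "unknown_tool").write_bytes(b"constructed bytes of unknown origin")
        # Content differs from the approved build, so its hash is not trusted
        (apps / "backup_agent_copy").write_bytes(approved + b"\x00patched")
        trusted = {hashlib.sha256(approved).hexdigest()}
        report = enforce_allowlist(apps, quarantine, trusted)
        report["left_in_place"] = sorted(p.name for p in apps.iterdir())
        return report
```

Matching on content hash rather than file name is what catches the altered copy: a file is trusted only if its bytes are exactly those of an approved build.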
Making the Case for Layered Security
Would you ride in a plane flown by a pilot who is “flying blind,” without guidance from his instruments, air traffic control or radar? Of course not. Nevertheless, the axiom “You can’t manage what you can’t measure” remains true for many organizations that render security decisions without truly understanding what’s on their network.
A recent survey conducted by ESG research shows that 41% of organizations were unaware of the applications installed on their network. 36% reported gaps in monitoring suspicious and malicious network activity, while another 36% did not monitor patches and downloads to the devices on their networks.
In these cases, ignorance is not bliss. An organization that does not have a clue about the activity occurring on its network — whether legitimate, suspicious or nefarious — cannot defend itself against attacks. Even a perimeter of layered-security levels might only delay attackers for a short time.
Inevitably, determined attackers going up against a defense that is ill-suited for a network’s security requirements will penetrate the layers and gain access to the network and its sensitive data. Consistent monitoring and reporting using the appropriate security controls are key for ensuring a solid security foundation. Having a management layer that can monitor all security and vulnerability layers allows a company to remain vigilant when it comes to speedy identification and remediation of detected vulnerabilities.
No One Does Layered Security Better Than SolarWinds MSP (formerly LOGICnow)
In network security as in sports, the best defense is a good offense. SolarWinds MSP's suite of proactive, detective and reactive applications delivers complete protection for all disaster scenarios, allowing you to execute on your layered security strategy.
Proactive security acts in advance to catch malicious activities before they become serious. Web protection guards users against malicious websites. Patch management closes known holes in over 40 Microsoft applications (including Office 365) and more than 80 third-party programs. Mail security halts incoming email threats, including malware attachments, phishing, ransomware and spam.
Detective security catches potential threats as soon as they appear. Managed antivirus delivers the best malware protection in the industry. Failed login checks and rules prevent hackers from brute-forcing their way into your network. Active device discovery catches rogue devices before they can do harm.
In the unlikely event that an attacker penetrates SolarWinds MSP's layered defense perimeter, reactive security tools enable systems to recover quickly. Backup and disaster recovery tools restore systems in minutes. Virtual server recovery gets physical servers and workstations up and running in short order. Local backups, cloud-based redundancy and hybrid cloud recovery ensure speedy business continuity — even during an Internet service disruption.
About SolarWinds MSP
SolarWinds MSP delivers the only 100% SaaS, fully cloud-based IT service management (ITSM) platform, backed by collective intelligence and the highest levels of layered security. SolarWinds MSP's products — including Risk Intelligence, Remote Management, Backup & Disaster Recovery, Mail and Service Desk — comprise the market’s most widely trusted integrated solution.
Deployed on millions of endpoints across hundreds of thousands of networks, the platform has the industry vision to define and deliver the future of the market. SolarWinds MSP provides the most comprehensive IT security available as well as LOGICcards, the first ever IT notification feature powered by prescriptive analytics and machine learning.
SolarWinds MSP’s passion is helping IT professionals secure and manage their systems and data through actionable insights, rewriting the rules of IT.
For more information, visit www.solarwindsmsp.com.