Analyst & Research Reports

O'Reilly Modern Defense in Depth


mand. Depending on the type of action being taken by the enemy, adjustments are made to the other lines to support the line that's being affected. For example, Central Command might call for an altered special operation, adjustment to infantry defenses, movements to armor (tank) units, an artillery display maneuver, or an expanded aviation reconnaissance mission.

An interesting parallel can be drawn between how a military utilizes this modern DiD strategy and how cybersecurity could do the same.

Cybersecurity Usage of DiD

Internal intelligence sharing produces an integration that is often lacking from most organizations' cybersecurity DiD strategies. This must change. If an organization observes a covert attack against a public-facing web application that passed undetected through several preceding lines of defense, it makes complete sense to initiate an adjustment on the fly to block the source of that attack upstream by way of the internal intelligence sharing. However, in most cases, there is no construct in place to permit the sharing of internal threat intelligence across the various lines of defense.

In addition, there often tends to be an overlap in the various technologies that encompass the lines of defense, with no clear delineation between where a defensive line begins and where it ends. Therefore, a deep understanding of where security technologies are deployed, how they operate, how they block attacks and attackers, what they do best, where they're lacking, and how they can be integrated is badly needed.

Today, integrated DiD strategies must account for many attack vectors, a broadening attack surface, increases in threat actors, limitations of security technology, and the shortage of skilled personnel. Clearly, the independent lines of defense used so often in the past must move toward integrated lines of defense of the future for effective protection and thorough risk management.
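The web application scenario above, sketched as an added example that is not from the report: a line of defense publishes the attack source it observed, every other line receives it, and the lines upstream of the detection point are told to block. The line names, protected ranges, and addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed example: lines of defense ordered outermost to innermost.
LINES = ["edge_firewall", "ddos_scrubber", "waf", "app_runtime"]
# Constructed ranges that must never be auto-blocked (own infrastructure, partners).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/28")]


@dataclass
class Indicator:
    source_ip: str
    seen_by: str       # line of defense that observed the attack
    reason: str
    expires_at: float  # shared blocks age out instead of piling up


@dataclass
class IntelBus:
    # Per-line view of shared intelligence: {line: {source_ip: Indicator}}
    shared: dict = field(default_factory=lambda: {line: {} for line in LINES})

    def publish(self, ind: Indicator) -> list:
        """Share an indicator with all other lines; return the upstream lines told to block."""
        if ind.seen_by not in LINES:
            raise ValueError(f"unknown line of defense: {ind.seen_by}")
        ip = ipaddress.ip_address(ind.source_ip)  # rejects malformed input
        if any(ip in net for net in NEVER_BLOCK):
            return []  # a spoofed or internal source must not cause a self-inflicted outage
        for line in LINES:
            if line != ind.seen_by:
                self.shared[line][ind.source_ip] = ind
        return LINES[:LINES.index(ind.seen_by)]

    def is_blocked(self, line: str, source_ip: str, now: float) -> bool:
        """True if this line holds an unexpired shared indicator for the source."""
        ind = self.shared[line].get(source_ip)
        return ind is not None and now < ind.expires_at


def demo():
    bus = IntelBus()
    # The WAF sees an attack that passed the two lines in front of it.
    upstream = bus.publish(Indicator("203.0.113.7", "waf", "SQLi probe", expires_at=3600.0))
    return bus, upstream
```

The protected-range check and the expiry time are the two guards that keep automatic upstream blocking from turning shared intelligence into an outage of its own.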
The way to do this is to put in place a construct whereby internal threat intelligence gained from one line of defense is shared among all other defenses within an organization. In the case of protecting users and the array of technologies found there, sharing of intelligence is imperative to integrating the technologies together. Similarly, in the case of protecting web applications,
