In today’s ever-evolving threat landscape, achieving peace of mind for security teams requires implementing multiple defense-in-depth layers.
Why? There are two key reasons:
- Expanding Attack Surfaces: The proliferation of remote work and digital transformation initiatives like DevOps has expanded attack surfaces beyond the scope of traditional security measures. It has become challenging for security teams to define these surfaces comprehensively. The recent Twilio breach underscored this vulnerability, revealing how threat actors can circumvent even advanced two-factor authentication (2FA) protocols.
- Increasingly Evasive Threats: Threats infiltrating network environments are adopting more elusive tactics, making them difficult to detect and trace from their initial entry point. Research by the University of Eurecom (FR) analyzing over 170,000 real-life malware samples found that over 40% utilize evasive and in-memory techniques, effectively bypassing the protection offered by Next-Generation Antivirus (NGAV), Endpoint Protection Platforms (EPP), and Endpoint Detection and Response (EDR) solutions. Moreover, lateral movement, present in at least 25% of cyber-attacks, exacerbates the challenge of identifying and mitigating threats.Given the surge in targeted and evasive threats, no single security layer, whether at endpoints or critical servers, can offer sufficient protection against attacks. Instead, akin to layers of identity checks and bodyguards safeguarding a VIP, security teams must establish a multi-layered security framework between critical assets and potential threats.Defense-in-depth transcends merely deploying multiple security products; it entails fortifying people, processes, and technology to achieve a resilient security posture.
Here are our recommended best practices for building defense-in-depth layers:
- Prioritize Training and Awareness: Address human error by providing regular security training and implementing controls like multi-factor authentication (MFA) as a backup.
- Implement Network Segmentation: Protect vulnerable network assets and impede lateral movement by segmenting networks and subnetting.
- Utilize Tailored Technology Solutions: Deploy best-of-breed security tools customized to each environment and business scenario, covering endpoints, servers, internal systems, and network perimeters.
- Maintain Proper Updates and Configurations: Continuously patch and configure security solutions, business applications, and operating systems to mitigate vulnerabilities and misconfigurations effectively.
Deploying Moving Target Defense (MTD) is crucial for protecting against evasive and in-memory cyber-attacks.
MTD operates by morphing memory, rendering it invisible to threats that target it, thus mitigating risks associated with code and memory exploitation techniques. As part of a defense-in-depth strategy, MTD effectively counters zero-day, fileless, and in-memory attacks that bypass other security controls. Morphisec offers a variety of MTD solutions for endpoints and servers, helping organizations bolster their security posture. To learn more about this innovative technology, check out our whitepaper, “Zero Trust + Moving Target Defense: The Ultimate Ransomware Strategy.”