In war, "defense in depth strategies" have been employed since the beginning of human history. This multilayered defense approach can be seen in everything from medieval moat and wall fortifications to the Demilitarized Zone (DMZ) between North Korea and South Korea.
The idea behind any defense in depth strategy is to build layers of defensive redundancy that will stymie unwelcome invaders if the primary, perimeter defense is breached.
The same military thinking can be applied with great success in the digital arena. Much like physical borders, the digital border between private data and the public is best protected by a multilayered array of defenses rather than a single wall.
What Happens After a Security Breach?
This defense-in-depth approach addresses one of the most critical challenges facing users, businesses, and Managed IT Services and network security professionals today: What happens after a security breach?
What Can You Do to Eliminate Cybersecurity Risks?
What can organizations do to identify and eliminate cyberthreats that have already bypassed perimeter defenses or gained access to critical internal networks?
Today, sophisticated phishing and ransomware attacks are widespread.
According to Verizon's 2020 Data Breach Investigations Report (DBIR), 22 percent of security breaches in 2019 were the direct result of a successful phishing scam. The vast majority, about 96 percent, of these phishing incidents arrived by email targeting users.
As every cybercriminal knows, the weakest link in any network security setup is most often users themselves.
It doesn't matter how robust your organization's perimeter defenses are if network users themselves are unwittingly letting bad actors in through the front door.
Even worse, once a cybercriminal has access to a network, they may lie dormant for weeks, months, or even years while they assess the value of your data. That means that once they are in, it can be incredibly challenging to detect their actions before any damage occurs.
One tried-and-true technique for identifying and mitigating attackers who have already gained access to your network is to employ so-called security deflection measures.
How Does "Deflection" Work?
Once a bad actor has breached your first lines of defense, it can be difficult to root them out. Security deflection, however, provides an excellent way to expose hidden snoops and misdirect their actions toward phony or decoy data.
Deflection strategies work by monitoring traffic to and from unused ports and services within your organization's networks. Think of these ports as unused doors to empty rooms. By continually monitoring these ports or doors, you will spot unusual traffic patterns. Cybercriminals themselves do not know which doors and rooms are not in use, so while hunting for valuable data they will likely open some of them. Because no legitimate client has any reason to touch an unused port, a single connection to one is a high-signal, low-false-positive event: the moment one of these unused doors is opened, it triggers a network security alarm.
However, identifying a breach in progress is only part of what makes deflection strategies so effective. Besides monitoring unused ports for suspicious activity, deflection strategies also employ decoys to misdirect hackers and waste their time and resources.
When a cybercriminal accesses an unused port, they will be redirected to a decoy service and presented with worthless data. While deflection strategies delay an attacker, your IT security team can figure out what the attacker is trying to achieve and how to kick them out of the system.
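The unused-door idea above can be demonstrated in a few dozen lines. The following is an added example written for this page, not code from the original article: a tiny Python decoy listener that binds a port nothing legitimate uses, records every connection as an alert (source, destination port, the first bytes sent), and answers with a fake FTP banner and a login failure so that the intruder wastes time on it. The banner text, the port choice, and the function names `start_decoy`, `probe` and `demo` are assumptions made for the example; `probe` plays the role of the attacker so the whole exchange runs offline on localhost.

```python
"""Minimal 'deflection' decoy: listen on a port the real environment does not
use, alert on any connection, and answer with worthless decoy data."""
import socket
import socketserver
import threading
import time

# Constructed decoy data (hypothetical, not output of any real server).
DECOY_BANNER = b"220 files.internal FTP server ready\r\n"
DECOY_REPLY = b"530 Login incorrect.\r\n"

ALERTS = []                      # each entry: dict(ts, src, dst_port, first_bytes)
_ALERT_LOCK = threading.Lock()


class DecoyHandler(socketserver.BaseRequestHandler):
    """Any connection to a decoy port is suspicious by definition: nothing
    legitimate should be talking to an unused door."""

    def handle(self):
        src_ip, src_port = self.client_address[:2]
        dst_port = self.server.server_address[1]
        # 1. Deflect: present a plausible-looking but worthless service.
        self.request.sendall(DECOY_BANNER)
        self.request.settimeout(2.0)
        try:
            first = self.request.recv(256)
        except (socket.timeout, OSError):
            first = b""
        # 2. Detect: record who touched the unused door and what they sent.
        with _ALERT_LOCK:
            ALERTS.append({
                "ts": time.time(),
                "src": f"{src_ip}:{src_port}",
                "dst_port": dst_port,
                "first_bytes": first[:64],
            })
        # 3. Delay: answer with a failure that invites further attempts.
        if first:
            self.request.sendall(DECOY_REPLY)


class DecoyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


def start_decoy(port: int, host: str = "127.0.0.1") -> DecoyServer:
    """Bind a decoy listener on an unused port and serve it in the background.
    port=0 lets the OS pick a free port (convenient for tests)."""
    srv = DecoyServer((host, port), DecoyHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(host: str, port: int, payload: bytes) -> bytes:
    """Act as the intruder: open the door, read the banner, send a login attempt."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        banner = s.recv(256)
        s.sendall(payload)
        reply = s.recv(256)
    return banner + reply


def demo() -> dict:
    """Start one decoy, hit it once as the attacker would, and return the
    resulting alert together with what the attacker saw."""
    srv = start_decoy(0)
    port = srv.server_address[1]
    before = len(ALERTS)
    seen = probe("127.0.0.1", port, b"USER admin\r\n")
    # The alert is written before the reply is sent, so it is normally already
    # present; the short wait only guards against scheduler jitter.
    deadline = time.time() + 2.0
    while len(ALERTS) <= before and time.time() < deadline:
        time.sleep(0.01)
    srv.shutdown()
    srv.server_close()
    alert = ALERTS[-1] if len(ALERTS) > before else None
    return {"port": port, "attacker_saw": seen, "alert": alert}


if __name__ == "__main__":
    print(demo())
```

Two practical caveats the example makes visible: the alert is raised on the first connection, before the attacker has learned anything, which is exactly why decoy ports are cheap to monitor; and the decoy must hold nothing real and sit on a host that has no privileged path into production, otherwise the empty room becomes a foothold rather than a trap.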
Improved IT Security
Deflection techniques can enhance your organization's cybersecurity strategy by adding an additional layer of network monitoring and security.
By dangling false sensitive information and creating honeypot traps for would-be hackers, savvy IT security professionals can lure malicious actors away from real valuable data.
This type of layered defense is especially crucial because active countermeasures can be challenging to deploy once a breach is already under way. Better yet, deflection strategies can be implemented at any endpoint of a network.
Deflection strategies also help against passive attackers who quietly monitor network traffic to steal secret information. A sniffer itself generates no connections, but the moment the intruder acts on what they captured, for instance by connecting to a decoy service or using decoy credentials that were dangled in that traffic, they are exposed and their actions deflected.
Effective deflection strategies play an essential and complementary role alongside common perimeter defenses such as firewalls and antivirus scanners.
Monitoring unused ports allows network administrators to catch hidden snoopers and data thieves. Furthermore, as more and more companies and organizations move towards remote working, endpoint attacks that breach perimeter defenses will become more common.
Network deflection measures are essential for creating defensive "depth" and increasing the friction intruders face once they are inside a compromised system.