Defense in Depth, Part 2: Addressing today’s advanced security threats
Melissa Stevens 270005B76W MELISSAS@US.IBM.COM | | Tags:  security ibm-security server-protection advanced-threats threat-protection host-security
0 Comments | 5,448 Visits
This post is written by Nick Harlow, Product Manager - Server Security and Security Content Analysis for IBM Security.
In part one of this series, we defined the term advanced persistent threat, outlined the threats organizations face today from both increasingly sophisticated attackers and careless or malicious insiders. Furthermore, we saw how traditional IT security approaches left organizations exposed in this more dangerous IT security landscape. In this installment, we will examine how defense in depth can provide a multi-layered approach to security that provides organizations with both the flexibility to operate as needed and the ability to reduce exposure to serious business and IT security risks they face from advanced attackers.
In order to address the threat from advanced malicious attackers and insiders, organizations should take the following steps:
We can refer to this approach to IT security as defense-in-depth. At the network layer, defense in depth means not only blocking unwanted traffic using a firewall, but also inspecting both ingress and egress network traffic on otherwise legitimate communications channels. Attackers use common protocols and open ports to hide attack traffic; the only way to detect it is to be able to see it, understand its context, and extrapolate the correct insights. Solutions that provide these capabilities may provide the following capabilities:
Administrators can apply these technologies at the perimeter layer as well as the host network layer and use different policies with each in order to provide the level of flexibility, visibility and protection required at each point in the IT environment. However, defense in depth does not stop with the network layer. Organizations should have visibility at the operating system, file system, and application layer of their environments as well. Host security solutions can facilitate this by providing the following capabilities:
Today’s complex, multi-layered IT environments face advanced, growing threats from motivated and sophisticated attackers. Failure to address this security and IT governance challenge effective can result in disruption of operations, loss of productivity, the dissipation of competitive advantage, embarrassing and expensive data breaches, and loss of revenue and customers. Defense in depth can help significantly to mitigate these risks. IBM Security Systems threat management solutions can help to provide defense in depth capabilities for today’s IT environments, while minimizing the cost and complexity of security. Also learn more about IBM’s latest offering in Host Security.
Watch this video to learn more about the IBM Security Advanced Threat Protection Platform.