
Due to their elaborate design, medieval castles have served as impregnable fortresses for centuries. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like a castle with a strategic layout to withstand attacks, a defense-in-depth strategy is its modern counterpart—a multi-layered approach with strategic redundancy and a combination of passive and active security controls.
However, the ever-changing cyber threat landscape can challenge even the strongest defenses. Despite the widespread adoption of defense-in-depth strategies, cyber threats still exist. Fortunately, defense-in-depth strategies can be enhanced with Breach and Attack Simulation (BAS), an automated tool that evaluates and improves every security control in every layer.
Defense in depth: a layered false sense of security
A defense-in-depth strategy, also known as multi-layered defense, has been widely adopted by organizations since the early 2000s. It is based on the assumption that an adversary must breach multiple layers of defense to destroy a valuable asset. Since no single security control can provide foolproof protection against various cyber threats, defense in depth has become the norm for organizations around the world. But if every organization now uses this tactic, why are security breaches still so common?
Ultimately, the main reason is a false sense of security, as people believe that layered solutions will always work as expected. However, organizations shouldn’t put their full trust in multi-layered defenses—they must also stay abreast of new attack vectors, possible configuration deviations, and the complexities of managing security controls. In the face of ever-evolving cyber threats, unproven trust in defense layers will lead to security breaches.
Improving the defense-in-depth strategy
A defense-in-depth strategy advocates the use of multiple security controls at different levels to prevent and detect cyber threats. Many organizations model their defenses around four basic layers: the network, host, application and data layers. Security controls are configured at one or more of these tiers to maintain a strong security posture. Typically, organizations use IPS and NGFW solutions at the network layer, EDR and AV solutions at the host layer, WAF solutions at the application layer, DLP solutions at the data layer, and SIEM solutions across multiple layers.
While this general approach applies to nearly any defense-in-depth implementation, security teams cannot simply deploy security solutions and forget about them. In fact, according to Picus’ 2023 Blue Report, 41% of cyber attacks bypass network security controls. Today, an effective security strategy requires a deep understanding of the threat landscape and regular testing of security controls against real cyber threats.
Harnessing the Power of Automation: Introducing BAS into a Defense-in-Depth Strategy
Due to the sheer number of cyber threats, understanding an organization’s threat landscape can be challenging. Security teams must sift through hundreds of threat intelligence reports every day and determine whether each threat is likely to target their organization. Most importantly, they need to test security controls against these threats to evaluate the effectiveness of their defense-in-depth strategies. Even if organizations could manually analyze every intelligence report and perform traditional assessments (such as penetration testing and red teaming), it would take too much time and too many resources. Long story short, it’s impossible to deal with today’s cyber threat landscape without automation.
When it comes to security control testing and automation, one particular tool stands out: Breach and Attack Simulation (BAS). Since first appearing on Gartner’s threat technology-oriented Hype Cycle in 2017, BAS has become an essential component of many organizations’ security operations. Proven BAS solutions provide security teams with automated threat intelligence and threat simulations to evaluate their security controls. When BAS solutions are integrated with a defense-in-depth strategy, security teams can proactively identify and eliminate potential security vulnerabilities before malicious actors exploit them. BAS works with multiple security controls across the network, host, application and data layers to enable organizations to comprehensively assess their security posture.
LLM-backed cyber threat intelligence
When introducing automation into a defense-in-depth strategy, the first step is to automate the cyber threat intelligence (CTI) process. The analysis of hundreds of threat intelligence reports can be automated using large language models (LLMs) such as ChatGPT, Bard, and LLaMA. Modern BAS tools can even provide their own LLM-backed CTI and integrate with external CTI providers to analyze and track an organization’s threat landscape.
Simulating network layer attacks
As the first line of defense, the network layer is constantly probed by adversaries attempting to penetrate it. The security of this layer is measured by its ability to identify and block malicious traffic. BAS solutions simulate malicious penetration attempts observed “in the wild” and validate the network layer’s security posture against real-life network attacks.
Assess host layer security posture
Individual devices such as servers, workstations, desktops, laptops, and other endpoints make up a large portion of the host layer equipment. These devices are often the target of malware, vulnerabilities, and lateral movement attacks. BAS tools can assess the security posture of each device and test the effectiveness of host-layer security controls.
Application layer exposure assessment
Public-facing applications, such as websites and email services, are often the most critical yet exposed parts of an organization’s infrastructure. There are numerous examples of cyberattacks launched through WAF bypasses or seemingly benign phishing emails. Advanced BAS platforms can mimic the behavior of adversaries to ensure security controls in applications function as expected.
Protect data from ransomware and exfiltration
The rise of ransomware and data breach attacks is a stark reminder that organizations must protect their proprietary and customer data. Security controls such as DLP and access control in the data layer protect sensitive information. BAS solutions can replicate the techniques used in these attacks to rigorously test those protection mechanisms.
Use BAS to continuously validate defense-in-depth strategies
As the threat landscape evolves, so should the organization’s security strategy. BAS provides organizations with a continuous and proactive approach to assessing each layer of their defense-in-depth approach. With proven protection against real-world cyber threats, security teams can trust their security controls to withstand any cyberattack.
Picus Security pioneered Breach and Attack Simulation (BAS) technology in 2013 and has been helping organizations improve their cyber resiliency ever since. With the Picus Security Validation Platform, your organization can enhance existing security controls to protect against the most sophisticated cyberattacks. Visit picussecurity.com to schedule a demonstration or explore resources such as the “How Breach and Attack Simulation Fits into a Multi-Layered Defense Strategy” white paper.
To deepen your understanding of evolving cyber threats, explore the top ten MITRE ATT&CK techniques and refine your defense-in-depth strategy: download the Picus Red Report today.
Note: This article was written by Huseyin Can Yuceel, Director of Security Research at Picus Security. We are passionate about simulating cyber threats and enhancing defense capabilities.