Lessons from InfoSec 2023: how to prevent a cyber crisis with a defense-in-depth strategy

The talk of the town at InfoSec 2023 was the evolving cyber security battleground, and the practical steps organizations might take in order to mitigate some of these threats. And, for everyone I spoke to at least, the focus was very much on prevention rather than cure, for obvious reasons!

Much of our day, too, was spent discussing cyber and application security. Here's a summary of some of those conversations, which emphasized the interest organizations continue to have in improving their defense-in-depth strategies, and the role load balancers can play in all this.

The cyber security risks everyone was talking about

Q1 2023 saw a significant increase in cyber security attacks, so it was no surprise this was a topic discussed at length at InfoSec Europe 2023. The incidents everyone was talking about were:

• Supply chain attacks - Hackers are now increasingly targeting third-party software providers, knowing that one successful compromise can give access to thousands of different networks. As one attendee told us: "the MOVEit hack really brought things into sharp focus for us. Supply chain attacks are the new battleground."
• AI security concerns - Specifically how to use it safely, policies, and how its being used already by threat actors.
• Zero-day software vulnerabilities - By their nature these vulnerabilities are as yet unidentified, so any hacker that can spot an as yet unknown vulnerability and use it to gain access to an organization's systems is likely to cause major headaches.

So how should organizations respond? There are a number of different cyber security strategies that might be considered. For example, research by Armis shows that 33% of IT professionals foresee their organizations adopting zero trust models immediately, while 28% said they will do so within six months. Other strategies include increasing cyber security awareness and cybersecurity culture, risk prevention, stronger data management practices, more robust security and access controls, and ongoing monitoring and improvement.

The focus of this blog, though, is defense-in-depth. One of the most common cybersecurity strategies used to maximize the protection of critical assets.

Defense-in-depth strategy

What is a defense-in-depth strategy?

A Defense-in-Depth (DiD) cyber security strategy involves multiple layers of defensive mechanisms and controls, strategically located throughout a computer network, providing data integrity and confidentiality.

The power of a defense-in-depth strategy is that with multiple, independent layers of defense in place, even if one or more layers should fail there are still other defensive measures in place to block attacks and raise the alarm. This makes it much harder for attackers to bypass, meaning there is a higher likelihood of detection and mitigation before significant damage is done.

What practical steps can you take to implement a defense-in-depth strategy?

A defense-in-depth strategy is a holistic approach to the entire IT ecosystem, not a ticklist of software to procure. Yes, it might include certain security products, but policies, processes, and employee education are just as important. Similarly, due to the ever-evolving nature of cyber security threats, it is important to avoid complacency, and continue to adapt to any new vulnerabilities identified.

There are however some simple, practical steps that can be taken when it comes to implementing a defense-in-depth strategy:

1. Identify your risks - This will help you identify your areas of greatest risk.
2. Improve your policies - Don't forget to include incident response protocols, data classification, password policies, training requirements etc.
3. Tighten access controls - Strengthen role-based access controls (RBAC), password policies, and use multi-factor authentication (MFA).
4. Perimeter protection is still important - Robust network protection should still always be the preferred first line of defense, blocking unauthorized access and known threats.
5. Segment your network - Smaller, isolated network segments or VLANs will help prevent attacks from spreading should your defenses be penetrated.
6. Encrypt your data - Use encryption mechanisms such as TLS to protect data in storage and transit.
7. Protect your endpoints - Deploy firewalls, antivirus protection, and intrusion detection systems.
8. Monitor security events - Tools like Security Information and Event Management (SIEM) systems can be used to analyze events and log data.
9. Don't underestimate the importance of user awareness! - Many treats are inadvertently introduced by employees so a culture of best practice and vigilance needs to be established.
10. Secure your apps - Regularly updating and patching applications is critically important when it comes to addressing vulnerabilities. Web Application Firewalls (WAFs) also have role to play here, as do secure coding practices.

Number 10 is, clearly, a topic close to my heart, which leads me on to a question we got asked on more than one occasion on the InfoSec Europe 2023 stand...

Here we are in action!

What part can load balancing play in supporting a defense-in-depth strategy?

A defense-in-depth strategy acknowledges that a simple, universal web security solution simply doesn't exist. However, in its own way, load balancing is able to play a small part in supporting cyber security, and an organization's overarching security strategy.

A load balancer's main purpose is to provide high availability and resilience, but it can also play a part in protecting your applications from Distributed Denial of Service (DDoS) attacks, SQL injection, and more. Note: this is does not mean using it as your first line of defense - we always recommend you use a network firewall for that. So what part does it play?

One way in which a load balancer can support your overarching security objectives is by utilizing the Web Application Firewall (WAF) on the device. A WAF isn't a magic bullet, but, as part of a wider defense-in-depth strategy, a properly configured WAF should catch and stop common, everyday attacks. It raises the bar for attacking your web service and stops you from being 'low-hanging fruit' for attackers: they'll quickly move on to the next target in search of an easier time. And with the simple attacks taken care of, a WAF frees up your time so that you can focus on more sophisticated threats.

The future of cyber security?

By its very nature, the cyber security goal posts keep shifting, which makes staying one step ahead incredibly difficult. Prevention, coupled with cyber security strategies such as defense-in-depth, will always be the preferred first choice. But beyond that continuous risk assessment, zero trust, segmentation all have an important role to play in containing and mitigating threats.

As AI advances at pace, and hackers move to exploit supply chain attacks, it's important for all of us to improve our response and disaster recovery capabilities.