Subscribe via E-mail

Your email:

Browse by Tag

Latest Posts

Follow Me

Cyber Security Logic

Current Articles | RSS Feed RSS Feed

Layered Security - Outside In to Inside Out

Posted by Monte Robertson on Fri, Apr 09, 2010 @ 11:34 AM
  | Share on Twitter Twitter | Share on Facebook Facebook | Buzz This  Google Buzz | Submit to Digg digg it |  Add to delicious  delicious |  Submit to StumbleUpon StumbleUpon |  Share on LinkedIn LinkedIn |  Share On Technorati Technorati | Submit to Reddit reddit | 

When we started providing security software and information to those who needed help the most, it was not immediately clear to us that different tools were good at different things. A variety of vendors existed but not many people were taking a serious look at the real differences between security software offerings.

Most purchases back then were based on how good the marketing was or which solution had this bell or that whistle. As it turns out, bell & whistle does not good Internet security make!

Antivirus software and Firewalls (remember Black Ice and Tiny?), were popular and widely available but there was not much else. This was the beginning of Layered Security. We didn't recognize it at first but it was a beginning. We used to carry every type of Antivirus software we could get our hands on but quickly discovered that there were real differences in the solutions. Not to mention lots of conflicts.

Some lessons must be learned the hard way, especially with new security technologies. We had to have strong marketing noise filters in order to standardize on the best security software we could find in terms of performance and detections over time.

Most of the threats at that time (or so we thought), came from the outside, aka the Internet, so we worked hard at securing the perimeter. It made perfect sense because this technique had been followed throughout history. Build walls around the castle as the first layer of security.

After some time it became clear that perimeters were strengthening, giving us a hard outer shell but like an egg, once you are inside everything went soft. Think about the original Trojan horse, hence the origin of the term. Insiders' were\are trusted implicitly and thinking that perimeter defense was enough was exactly where the wheels start to come loose.

At some level you have to trust users within the company and on other levels you have to protect them against themselves. When it comes to critical data we recommend choosing very carefully who has access to what data and build layered security around those choices.

As a result, our thinking about Layered Security is rapidly changing from a strictly Outside\In layered perimeter defense, to an Inside\Out defense. It now even includes offensive or proactive security (hint, virus signatures are old hat), and stand alone security strategies. 

These days blended threats require a blended response.  More to come. Stay safe out there.

Security as a Service for Businesses who have better things to do. 303.232.9070
Tags: 

Comments

There are no comments on this article.
Comments have been closed for this article.