Even today, IT security is often equated with the one-dimensional protection of endpoints and end devices. Since malware uses the end device both as a target and as a gateway, protective measures must take effect there: this is the argument of its advocates. However, applying probability calculation to IT security shows that the effectiveness of the shield can be significantly increased by combining different security measures.
If a protective mechanism detects and prevents 99.9 percent of all attacks, that means that one in a thousand threats can still slip through the protective grid. This figure is only an example and should not create the impression that such a rate is adequate protection. However, if you combine different, specialized defense mechanisms at other points in a transaction, the efficiency of security can be increased, because each protective measure brings its own strengths in detecting and defending against attacks.
The probability calculation shows that the effectiveness of different protective screens does not merely add up but multiplies. Two control mechanisms, each with the same efficiency of letting 1 in 1000 attacks through, reduce the probability of a successful attack to 1 in a million. To achieve this multiplication of efficiency, it is essential to use different IT security technologies that cover different types of attacks. This should include, for example, inspecting SSL traffic for malware and zero-day attacks and screening the attack surface that a company exposes through its infrastructure on the Internet.
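The multiplication argument above only holds when the layers fail independently; two filters built on the same detection engine miss the same attacks and gain little from being stacked. The following Python is an added example (not code from the article) that computes the combined bypass probability for a list of layer detection rates and lets you dial in how much the layers' blind spots overlap. The linear interpolation between "independent" and "identical blind spots" is a simplifying model chosen for this example, not a result from the article.

```python
from functools import reduce


def bypass_probability(detection_rates, blind_spot_overlap=0.0):
    """Probability that a single attack slips past every layer.

    detection_rates    -- per-layer fraction of attacks caught, e.g. 0.999 for 99.9 %.
    blind_spot_overlap -- 0.0: layers fail independently, so miss rates multiply
                          (the article's calculation).
                          1.0: every layer misses the same attacks (nested blind
                          spots), so the stack is only as good as its best layer.
                          Values in between interpolate linearly; this is a
                          modelling assumption made for this example.
    """
    if not detection_rates:
        return 1.0  # no layer at all: everything gets through
    misses = [1.0 - r for r in detection_rates]
    independent = reduce(lambda a, b: a * b, misses, 1.0)
    fully_correlated = min(misses)
    return independent + blind_spot_overlap * (fully_correlated - independent)


def expected_breaches(attacks, detection_rates, blind_spot_overlap=0.0):
    """Expected number of attacks that get through out of `attacks` attempts."""
    return attacks * bypass_probability(detection_rates, blind_spot_overlap)


def marginal_gain(detection_rates, new_rate, blind_spot_overlap=0.0):
    """Factor by which adding one more layer divides the bypass probability.

    A factor of 1.0 means the extra layer buys nothing.
    """
    before = bypass_probability(detection_rates, blind_spot_overlap)
    after = bypass_probability(list(detection_rates) + [new_rate], blind_spot_overlap)
    return before / after


if __name__ == "__main__":
    two_filters = [0.999, 0.999]
    # Independent layers: 1/1000 * 1/1000 = one in a million, as in the article.
    print("independent, 2 x 99.9 %      :", bypass_probability(two_filters))
    # Same blind spots: the second filter never catches what the first missed.
    print("same blind spots, 2 x 99.9 % :", bypass_probability(two_filters, 1.0))
    print("breaches per 1M attacks      :", expected_breaches(1_000_000, two_filters))
    # A third layer of a different kind (95 %) still divides the risk by 20 ...
    print("gain, 3rd different layer    :", marginal_gain(two_filters, 0.95))
    # ... while a third copy of the same engine adds nothing.
    print("gain, 3rd identical engine   :", marginal_gain(two_filters, 0.999, 1.0))
```

The last two lines are the practical point: a weaker control that covers a different class of attack is worth more in a stack than a stronger control that shares its predecessor's blind spots.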
The following categorization helps companies to create their security strategy through a risk assessment. It helps to differentiate between technologies used to protect against and prevent attacks and those used to detect them. Protection strategies for the endpoint usually amount to warding off known threats with malware filters that recognize known patterns. If you also want to identify unknown types of attack, you have to rely on behavior analysis and look for suspicious behavior in the attack process rather than for a specific type of malware. In the next step, incoming communication can be examined for malware patterns and behaviors, and outbound data traffic can be examined for command & control traffic or to prevent the leakage of confidential information. Depending on the security needs of a company,
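To make the protect-versus-detect distinction concrete for outbound traffic, here is an added Python example that is not part of the article. It runs two checks over a constructed set of outbound connection records: a signature check (is the destination on a known-bad list?) and a behavioral check (does a host contact one destination at suspiciously regular intervals, a classic command & control beaconing pattern?). The records, hostnames and the blocklist are invented for the example; the interval threshold is an assumption and would need tuning against real traffic.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed outbound connection log: (timestamp in seconds, source host, destination).
# Invented for this example; not real telemetry.
FLOWS = [
    (0,   "ws-03", "known-malware.example"),
    (5,   "ws-03", "news.example"),
    (0,   "ws-17", "cdn-updates.example"),
    (60,  "ws-17", "cdn-updates.example"),
    (121, "ws-17", "cdn-updates.example"),
    (180, "ws-17", "cdn-updates.example"),
    (241, "ws-17", "cdn-updates.example"),
    (300, "ws-17", "cdn-updates.example"),
    (3,   "ws-21", "mail.example"),
    (47,  "ws-21", "mail.example"),
    (49,  "ws-21", "mail.example"),
    (400, "ws-21", "mail.example"),
    (410, "ws-21", "mail.example"),
    (900, "ws-21", "mail.example"),
]

# Placeholder blocklist standing in for a signature or reputation feed.
KNOWN_BAD = {"known-malware.example"}


def signature_hits(flows, blocklist=KNOWN_BAD):
    """Protect layer: flag (source, destination) pairs whose destination is already known bad."""
    return {(src, dst) for _, src, dst in flows if dst in blocklist}


def beaconing_pairs(flows, min_connections=5, max_cv=0.1):
    """Detect layer: flag (source, destination) pairs whose inter-connection
    intervals are unusually regular, whatever the destination's reputation.

    max_cv is the maximum coefficient of variation (std dev / mean) of the gaps
    between connections; 0.1 is an assumed threshold for this example.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)

    flagged = set()
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged.add(pair)
    return flagged


if __name__ == "__main__":
    print("signature hits :", signature_hits(FLOWS))   # ws-03 -> known-malware.example
    print("beaconing pairs:", beaconing_pairs(FLOWS))  # ws-17 -> cdn-updates.example
```

Note what each layer sees: the signature check catches ws-03 instantly but is blind to ws-17, whose destination is on no list; the behavioral check catches ws-17 from its metronomic 60-second cadence while ignoring ws-21, whose mail traffic is bursty and human-shaped. Neither check alone covers both cases, which is the argument for combining them.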
In addition to protecting against and detecting malware, a third category goes far beyond the classic defense mechanisms just mentioned. This third way can be formulated in the spirit of the famous Chinese military strategist and general Sun Tzu, who held that the greatest victory is the one that requires no fight. Applied to IT security, this means that attacks can be avoided by not offering attackers a target in the first place. This avoidance strategy is still used far too seldom today by companies seeking to minimize risk; on the contrary, many companies are not even aware of what they expose as targets.
The procedures for layered risk minimization can be summarized as follows: the first way wards off the incoming attack, the second tries to discover threats through behavioral analysis and render them harmless, and the third aims to prevent attacks from the outset. Taken together, these three methods build strong defenses and minimize the likelihood of a successful cyber attack.
Companies are therefore required to put defense mechanisms in place depending on their risk appetite. With the simple logic of probability calculations, you can justify your level of protection so that it can be easily understood based on clear principles. To minimize the possible attack surface, a security strategy based on Zero Trust is suitable. If every employee or even third party is allowed into the company network with full access to all files and applications, and in this way gains insight into the entire structure of the network, the result is a significantly increased attack surface.
All that is needed is one compromised employee account to wreak havoc on the entire network. The home office situation in particular leads to a high number of attacks, because employees are less attentive at home while, at the same time, their work equipment is less well protected. Configuration errors or possible weak points in VPN hardware, which is also openly reachable from the Internet, invite attackers to intrude and move laterally in the network.
This is where Zero Trust Network Access (ZTNA) comes into play as an alternative for securing remote access. Using a cloud-based model, the user is connected directly to the application based on authentication and authorization, without opening the entire network for access. Following the concept of least privilege, each employee can only access the data needed for their work, which satisfies the principle of minimal access rights. Since network access is no longer required for this type of application-level authorization, traditional attack vectors can be switched off.
ZTNA lays the foundation for a comprehensive new connectivity and security concept, created by combining identity technology with control mechanisms delivered from the cloud. As a positive side effect, the connection speed for remote employees increases significantly because the data center is no longer a security bottleneck, and costs are also reduced because MPLS bandwidth can be dispensed with. Instead, the local Internet breakout serves as the path to the cloud, which brokers access policies and makes dedicated security hardware obsolete.
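The two preceding paragraphs describe the broker's job in words; the following Python is an added example (not code from the article or from any ZTNA product) that shows the decision logic such a broker applies to one application-level request. The user directory, application catalogue, role names and request fields are all invented for the example. The point it demonstrates is ordering: an unpublished application is refused before identity is even checked, so nothing outside the catalogue is ever confirmed to exist, and a valid user with a valid device still sees only the applications their role entitles them to.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    app: str
    authenticated: bool   # identity verified, e.g. SSO plus MFA completed
    device_managed: bool  # device posture reported as company-managed


# Constructed directory and application catalogue for this example.
USER_ROLES = {
    "alice": {"finance"},
    "bob": {"engineering"},
    "mallory": set(),      # valid account, but no business role at all
}
PUBLISHED_APPS = {
    "erp": {"roles": {"finance"},     "require_managed_device": True},
    "git": {"roles": {"engineering"}, "require_managed_device": False},
}


def broker_decision(req, user_roles=USER_ROLES, apps=PUBLISHED_APPS):
    """Decide one application-level request the way a ZTNA broker would.

    Checks run in this order: published? -> identity verified? -> device
    posture acceptable? -> role entitled?  Returns (allowed, reason).
    There is no notion of "network access" anywhere: a grant connects the user
    to exactly one application and nothing else.
    """
    rule = apps.get(req.app)
    if rule is None:
        return False, "not published"
    if not req.authenticated:
        return False, "identity not verified"
    if rule["require_managed_device"] and not req.device_managed:
        return False, "device posture insufficient"
    if not (user_roles.get(req.user, set()) & rule["roles"]):
        return False, "no entitlement for this application"
    return True, "granted"


def visible_apps(user, user_roles=USER_ROLES, apps=PUBLISHED_APPS):
    """The least-privilege view: only applications some role of the user is
    entitled to, as opposed to a VPN that exposes the whole network."""
    roles = user_roles.get(user, set())
    return sorted(name for name, rule in apps.items() if roles & rule["roles"])


if __name__ == "__main__":
    cases = [
        AccessRequest("alice", "erp", True, True),         # entitled, managed device: granted
        AccessRequest("alice", "erp", True, False),        # same user from a home PC: posture denies
        AccessRequest("alice", "git", True, True),         # valid user, wrong role: denied
        AccessRequest("bob", "git", False, True),          # password without MFA: denied
        AccessRequest("alice", "fileshare", True, True),   # unpublished app: denied, never visible
    ]
    for c in cases:
        print(f"{c.user:>8} -> {c.app:<9} {broker_decision(c)}")
    print("alice sees  :", visible_apps("alice"))
    print("mallory sees:", visible_apps("mallory"))
```

The device-posture branch is what addresses the home office problem from the paragraph above: the same credentials that are sufficient from a managed laptop are not sufficient from an unmanaged one, so a compromised account on a poorly protected device does not translate into access.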
There is hardly a way around multilayer security if a company wants to reduce the attack surface it exposes on the Internet. If the infrastructure is no longer visible to attackers on the Internet, attacks can no longer be launched against it. In particular, the rise of remote work, and thus of employees who want to access company data from different locations with sometimes inadequately secured devices, favors the transformation of the security infrastructure. With ZTNA as part of a multilayer security strategy, the probability of a successful attack can be significantly reduced.