With Donald Trump’s presidency starting on Friday, I felt this week would be a good time to tackle the idea of defense in depth. Trump, as everyone knows, is adamant that his administration will build a wall along the United States and Mexico borders. However, as noted by Lily Newman at Wired.com the wall will likely only cover half of the border. This reminds me of many firewall designs.
Typically a firewall will be deployed at the edge of a network and then various ports will be opened up. Once these ports are opened, organizations start leaving themselves vulnerable to attack. Additionally, many networks are using the M&M strategy – hard on the outside, soft on the inside. If an attacker makes it past the edge, many networks are ripe for the taking.
Organizations need to go beyond a wall if they want to stop the problem. Companies should evaluate adding security to each piece of their infrastructure. End points should have protection, email should be monitored, and web traffic needs to be classified. More mature organizations can also look at monitoring network traffic for anomalies and enforcing based on patterns.
Taking extra steps beyond the firewall can help a company build a in-depth defense strategy, helping them stop would be attackers.