One of the things that came out of the conference I attended on Tuesday in London, was defence in depth, combatting the ways in which the threat actors have expanded their attack vectors and tactics to evade various modern technical and human defences.
The message we should all take from this is that the traditional anti-virus/firewall/back-up cyber security defences form only a small part of the response that any responsible organisation needs to make to today’s cyber security threats.
This is defence in depth.
What is Defence in Depth?
Your cyber security tools should work together to reinforce each other, so if a threat actor gets past your anti-virus, your user’s cyber security awareness training will help them spot a phishing email. If your user misses the phishing email, thinks it is genuine and opens an attachment, your anti-virus needs an EDR (Endpoint Detection and Response) extension which will spot suspicious activity on the user’s laptop and respond in a way to limit the attack.
Your back-up needs to be complete, usable, tested, and able to resist the modern ransomware attack, which actively seeks out back-up software and back-up files, disabling the first and encrypting the second. Your back-up must have depth – test yours against the standard described here:
What is a Ransomware Resilient Back-up?
Threat actors will often wait to make their move, often spending months inside a compromised system, to understand how you do things before pouncing. Your cyber security tools not only need detection and response, but you need procedures in place to provide a defence which an outside attacker is not aware of in case the detection and response fail. Business Email Compromise is a common attack threat actors carry out once inside an organisation and it can result in the theft of large sums of money – the employees basically give that away to the hackers. Simple text message confirmations of unusual payments and monitoring of email forwarding rules can defend against these types of attacks, where one system or tool cannot.
Then there is the attack that is carried out at 3am, when you and your IT and Cyber Security support are in bed – that is when a 24/7 continuous monitoring and response Security Operations Centre (SOC) will protect you.
Tools that monitor and react
Above is only a flavour of the cyber security threats that face an organisation operating in our connected world. At Octagon Technology and Smart Thinking, we have put together a stack of security products aimed at the small business or organisation that is cost sensitive, yet provides enterprise level protection. It includes a SOC that takes in logs and information to provide that 3am protection…
Is it time you contacted us to see what we can do for you?
A bit more about our SOC and Defence in Depth
Our tools feed information into our SOC from your systems. Machine learning means the SOC understands what “normal” is on your endpoints and in your software systems and even how your people usually work. This is added to the acquired knowledge that the system gains from all the other organisations in the SOC and external threat analysis to provide the protection.
We also plug you into our team of experienced cyber security experts, backed by scanning/detection tools, AI and machine learning, who help us and your incident response team to respond quickly to cyber security issues. They can respond and triage the attack before escalating the problem – night or day all through the year.
This is enterprise-level cyber security for those organisations that want to show their stakeholders they really care.
…one more thing…
John O’Mahony at Connect London 2023
If you are still unsure, John O’Mahony, one of the keynote speakers from the conference, will present a webinar on our SOC and cyber security stack for Octagon Technology and Smart Thinking. This is not an open event – clients of Octagon Technology and Smart Thinking will be getting invitations. If you’d like to know what you are missing out on, get in touch with me and once a date has been decided I shall send you more information.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Cyber Security The Layer Cake Approach
Photo by Pavel Danilyuk