Layered Security, Take Note

Each year businesses worldwide collectively spend billions of dollars to create robust multi-layered security architectures with improved technologies.   The proverbial chase to build a better mousetrap.   How many layers of security are enough?  And what does each layer do to the IT security budgets? Despite spending more, breaches still make the headlines, and compromises are more prevalent than ever.

The requirement of layered security – in which an organization supports a wide variety of security technologies to detect attacks is still a valid and necessary architecture, but this hasn’t stopped the problem.   It’s time to take the next step and rethink cybersecurity.   The way it’s approached from a strategic, architectural perspective.

There are new ways to build a comprehensive defense with a modern security architecture that not only prevents attacks but allows your users to continue doing their job while increasing their productivity.   To stop the attack before it propagates within the network, security architects need to develop models using the full context for the attack’s traffic as it moves through the stages of infestation. Security teams need to implement a planned and integrated security architecture that can:

  • Incorporate new security technologies, don’t just improve old technologies that attackers have already mastered.
  • Prioritize eliminating attacks that occur most frequently, such as ransomware, phishing, malvertising, and credential theft.
  • Determine the source of successful attacks. Which vulnerabilities do attackers exploit, and where?
  • Reduce the attack surface across the distributed organization. The browser runs on nearly every endpoint, yet it has many vulnerabilities that cannot be patched.
  • Isolate endpoints from suspicious behavior and unknown threats to prevent attacks.
  • Integrate with existing systems to simplify operations and enable new workflows.

Security teams face a growing set of security challenges as web-enabled applications and solutions continue to evolve.

Social engineering attacks continue to succeed.  Attackers rely on phishing tactics to entice an organization’s users to click an errant link, allowing ransomware to slip on to their endpoint. No matter how much we train end users, some will always click on links inside a phishing email, opening your organization up to a breach because it only takes one user to click on a link.

Cyberattacks have become increasingly more sophisticated too, often entering from a known source or website, then breaching one of the multiple layers of security in place, elevating privileges, and pivoting through the network to find data to exfiltrate. Security architectures that layer numerous detection technologies, with each independently targeting a separate threat approach, may require traffic analysis in multiple sequential steps to detect the latest attacks. Not to mention this further exacerbates the skills shortage issue.

In contrast, there are some newer technologies that invert the approach. Instead of identifying good vs. bad, these technologies model themselves on a Zero Trust approach – assume that things will be bad and therefore need a more proactive approach to defense. One such technology is browser isolation, or as Gartner calls it, remote browser isolation (RBI). RBI is a new security architecture that does not rely on detection or network traffic analysis.  RBI defeats both known and unknown threats while complementing the layers of traditional detection-based security tools, and in many cases improving your ability to use those technologies by eliminating the web as an attack surface.  Let us not just build a better mousetrap but incorporate innovative solutions that prevent new and unknown attacks and make our existing investments better.

Learn more about remote browser isolation as provided by the Isla Isolation Platform here

David Martinez

David Martinez, Sr. Solutions Architect

Your email address will not be published. Required fields are marked *