General security

3 Tips for Implementing a Layered Approach to Information Security

December 29, 2017 by Infosec

Contributed by Nathan Gilks, Solutions Director at Deep Secure

Security training and awareness is essential in any organization, but it needs to be coupled with robust security measures. Now more than ever, these measures need to cope with complexity.

Business content is the lifeblood of an organization. It is shared, read, browsed and transacted using complex systems and these are vulnerable. The weaknesses in complex systems are used to conceal content and get it out of an organization. For example, hiding confidential data inside seemingly innocuous reports intended for public consumption. These weaknesses are also used to conceal threats in content and get them into an organization. For example, the vast majority of zero-day threats are hidden inside email attachments and behind web links.

So what can organizations do to better protect themselves? Here are our recommendations for cyber security in the age of complexity:

Tip 1: Divide Complex Systems Into Separate Sub-Systems

Divide complex systems into separate sub-systems that communicate in simple ways. Put the security controls onto the boundaries between the sub-systems where the simplicity means the defenders have the advantage over the attackers.

When it comes to cyber security, one size does not fit all. Some areas of your business warrant better protection than others. In some places a cybersecurity failure will be inconvenient and recovery will be swift, while in others a failure will put you out of business. The answer is to divide your business into zones. This allows you to apply the exact level of control needed to each area of the business. Users inhabit some zones, but others provide a pure compute function.

Some zones will contain your information “crown jewels,” while others will be where you process potentially dangerous data. What the security mechanisms do is control access to these zones and the way business information flows between them. Using a technology like the Content Threat Removal (CTR) platform controls the flow of information content between zones to prevent attacks passing from one to another and stops sensitive information leaking out. Content Threat Removal doesn’t try to detect threats as it assumes all data is unsafe. Instead of bringing in the data, CTR only brings in the business information it contains.

By working at the business level, the platform ensures the business functions efficiently when split into zones, and only attacks and leaks are blocked.

Tip 2: Decompose Outbound Content

To remove the content threat, you have to understand what content is made of. A superficial check is ineffective — it is necessary to repeatedly decompose the structure down to the byte level to hunt down hidden information. Using the Content Threat Removal platform to go this deep is essential, because complexities in application formats mean plenty of opportunities for information to be “lost” in the detailed structure.

Tip 3: Transform Inbound Content

The history of the cyber security industry is one of detection (as exemplified by anti-virus technology) and isolation (using sandboxing technologies). Both approaches have conspicuously failed to address the threat posed by undisclosed/zero-day threats.

Instead, consider using a Content Threat Removal platform. This works by using a process of transformation to prevent undisclosed or zero-day exploits contained in seemingly valid business content from entering a zone. CTR always delivers safe data by extracting business information carried by data and then creating completely safe new data. Only essential information passes over and exploits are automatically discarded.

Cybercrime has the potential to seriously damage the balance sheet, shareholder confidence, brand value, customer loyalty and even the careers of senior executives. If you are intent in avoiding becoming just another cybercrime statistic, you need to consider coupling your training program to the deployment of tools such as Content Threat Removal.

The applications and transport mechanisms we use to access content are complex and vulnerable to exploitation by cyber criminals. There seems little prospect that this will change. Using Content Threat Removal to zone, decompose and transform content will help users stay safe in the age of complexity.

Posted: December 29, 2017
View Profile