The last year has taught everyone the importance of protecting ourselves and our loved ones from a dangerous and contagious virus. We have learned to be more aware, more careful, and to prioritize our protection from COVID-19. The lessons we have learned from the pandemic about protection can also be applied to cybersecurity through the approach of Defense in Depth. Under this information security approach, security professionals put in place multiple, redundant layers of security controls to protect critical assets, information, and applications, so that no single control has to be perfect.
Just as the population has used several layers of defense (face masks, hand washing, social distancing) to protect our most valuable asset, our bodies, security professionals can use the same idea to protect applications, critical assets, and sensitive data. By implementing Defense in Depth, we can reduce both the number of successful breaches and the damage a single failed control can cause.
SAST as a First Level of Defense
The first level of defense we have developed against COVID-19 is to wash and sanitize our hands regularly to eliminate any germs before they can do any damage. In information security, washing your hands can be compared to Static Application Security Testing (SAST), also called static code analysis. SAST scans source code, without running it, for vulnerabilities such as SQL injection, cross-site scripting (XSS), buffer overflows, and other flaws that can be exploited to gain access to a system. Security professionals must identify and fix these vulnerabilities before the code is deployed. SAST is a first layer, not the only one: it catches the patterns it has rules for, such as a query built by string concatenation, and it will not catch business-logic flaws, misconfigured infrastructure, or a leaked credential, which is exactly why the later layers exist.
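As an added illustration (this code is not from the original post), here is the kind of defect a SAST rule flags, shown beside its fix. The table, the three accounts, and the login lookup are all constructed for the example; passwords are stored in the clear only to keep it short.

```python
"""Added example (not from the original post): the kind of defect SAST
flags, shown beside its fix. Everything here is constructed: an in-memory
SQLite table with a few fake users and a login lookup written two ways."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data. Real code stores a salted password hash,
    never the password itself; plain text is used here only for brevity."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user"), ("carol", "pw", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list:
    """BAD: untrusted input is spliced into the SQL text. A SAST rule for
    string-built queries (CWE-89) fires on the line that builds `query`."""
    query = (
        f"SELECT name, role FROM users WHERE name = '{name}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> list:
    """GOOD: placeholders keep the data out of the query's grammar. The driver
    binds the values, so a quote in the input is just a character."""
    query = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchall()


# Classic tautology payload: closes the string, then ORs in a condition
# that is always true.
INJECTION = "' OR '1'='1"


def demo() -> dict:
    """Run the same payload through both versions and a legitimate login
    through the safe one. The vulnerable query returns every user."""
    conn = build_db()
    return {
        "vulnerable": login_vulnerable(conn, "alice", INJECTION),
        "safe": login_safe(conn, "alice", INJECTION),
        "legit": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:10s} -> {rows}")
```

With the payload, the vulnerable query becomes `... AND password = '' OR '1'='1'`; since AND binds tighter than OR, the WHERE clause is true for every row and the attacker is "logged in" as all three users. The parameterized version returns nothing for the same input.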
After washing our hands, our next layer of defense is to limit our interaction with people outside of our household. This strategy is not unlike access control, which is crucial in protecting critical assets. Every user must be authenticated before they can access any asset, and they are authorized only for the minimum access needed to perform a task (least privilege). Some organizations, especially financial institutions, take access control a step further and send a code to the user's phone to further verify their identity, very much like having your temperature taken before being allowed into a building during the pandemic. This practice is called multi-factor authentication (MFA): the organization requires one or more methods of authentication beyond a username and password before granting access. Information security professionals must not underestimate the power of MFA in protecting critical assets, especially for administrator accounts. Not all second factors are equal, though: a code sent by SMS can be intercepted through SIM swapping, so for administrators prefer an authenticator app or, better still, a phishing-resistant hardware key.
Virtual Private Cloud
When COVID-19 was beginning to spread, health officials recommended we isolate those who would be most affected by the virus, the elderly and those with weak immune systems, and only allow interaction with members of their household. In terms of information security, isolating the most vulnerable is like keeping our critical assets in a private subnet within a Virtual Private Cloud (VPC): back-end servers that have no public IP addresses and no inbound route from the internet. A VPC is a logically isolated network carved out of a public cloud, which gives you a virtual private environment with its own address space and routing. Security professionals can allow administrative access to these assets through a jump box (bastion host), itself protected by IP allow-listing and MFA, rather than exposing the servers directly. As a security professional, you must think about isolating your databases and application servers in the private subnet (also known as the secured zone) and allowing internet (external) access only to the web servers, and even then only on the ports they actually serve.
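As an added example (not from the original post), the tiered layout just described can be written down as default-deny allow-list rules and then checked for the one property that matters most: nothing in the private subnet is reachable from the internet. Subnet ranges, ports, and the operator allow-list are invented for the example; in a real deployment these rules live in cloud security groups or network ACLs, which this small evaluator only models.

```python
"""Added example (not from the original post): the tiered VPC layout the
paragraph describes, written as default-deny allow-list rules so that
reachability can be checked. All ranges and ports are invented."""
import ipaddress
from dataclasses import dataclass

# Constructed layout. web and bastion sit in the public subnet (public IPs);
# app and db sit in the private subnet and must never be reachable from outside.
TIERS = {
    "web":     ipaddress.ip_network("10.0.1.0/24"),
    "bastion": ipaddress.ip_network("10.0.2.0/24"),
    "app":     ipaddress.ip_network("10.0.10.0/24"),
    "db":      ipaddress.ip_network("10.0.20.0/24"),
}
OPERATORS = "203.0.113.0/24"   # office egress range allowed to reach the bastion (invented)


@dataclass(frozen=True)
class Rule:
    dst_tier: str
    src: str      # a tier name, or a CIDR for traffic from outside the VPC
    port: int


# Everything not listed here is denied.
RULES = [
    Rule("web",     "0.0.0.0/0", 443),   # only the web tier is internet-facing
    Rule("bastion", OPERATORS,   22),    # jump box: SSH only from allow-listed addresses
    Rule("app",     "web",       8080),  # app tier talks only to the web tier...
    Rule("app",     "bastion",   22),    # ...and to operators via the bastion
    Rule("db",      "app",       5432),  # database talks only to the app tier...
    Rule("db",      "bastion",   22),    # ...and to operators via the bastion
]


def allowed(src_ip: str, dst_tier: str, port: int) -> bool:
    """Default-deny check: True only if some rule for (dst_tier, port) covers src_ip."""
    src = ipaddress.ip_address(src_ip)
    for rule in RULES:
        if rule.dst_tier != dst_tier or rule.port != port:
            continue
        if rule.src in TIERS:
            if src in TIERS[rule.src]:
                return True
        elif src in ipaddress.ip_network(rule.src):
            return True
    return False


def internet_exposed() -> set:
    """Tiers reachable from an arbitrary internet address on any rule's port.
    198.51.100.7 is a documentation address standing in for 'anyone'."""
    return {r.dst_tier for r in RULES if allowed("198.51.100.7", r.dst_tier, r.port)}


if __name__ == "__main__":
    print("internet-exposed tiers:", internet_exposed())                    # {'web'}
    print("operator -> bastion:22 ", allowed("203.0.113.5", "bastion", 22))  # True
    print("internet -> db:5432    ", allowed("198.51.100.7", "db", 5432))    # False
    print("web -> db:5432         ", allowed("10.0.1.9", "db", 5432))        # False
```

The `internet_exposed` check is the one worth automating against your real rule set: if it ever returns more than the web tier, a rule has opened the secured zone. Note also that the web tier cannot reach the database directly; a compromised web server still has to go through the app tier.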
Web Application Firewall
Face masks have become part of our regular attire when we leave our home. They are a strong layer of protection that keeps the virus from entering your body through the nose or mouth. Like face masks, a Web Application Firewall (WAF) sits in front of an application and filters, monitors, and blocks HTTP traffic, stopping requests that carry application-layer attacks such as SQL injection, cross-site scripting, and path traversal before they reach the code. A WAF is a compensating control rather than a cure: it buys time and catches the obvious payloads, but the vulnerability itself still needs to be fixed in the code, which is where the SAST layer comes back in. To extend the depth of the defense, some people wear a face shield in addition to their face mask, which can be compared to also having a network firewall. A network firewall creates a barrier between a trusted network and an untrusted network, such as the Internet, by allowing or denying traffic based on addresses, ports, and protocols. The combination of a WAF, which understands HTTP, and a network firewall, which understands network flows, gives organizations solid control over what traffic to block and what traffic to allow.
Intrusion Detection/Prevention System
Monitoring symptoms (fever, cough, loss of taste and smell) is crucial after being exposed to COVID-19 and when deciding whether you need to get tested. Keeping an eye on symptoms is our Intrusion Detection System (IDS). An IDS watches network or host activity out of band, compares it against signatures and baselines, and reports anything malicious or suspicious to an administrator; it does not itself stop the traffic. Being aware of suspicious activity in their network gives organizations the ability to detect an attack and respond early. An Intrusion Prevention System (IPS), on the other hand, sits inline and blocks traffic that matches a signature, stopping the attack as it starts, very much like our vaccine: once you are vaccinated, your prevention mechanism is ready to fight the virus. The cost of prevention is that a bad signature now blocks legitimate traffic instead of just raising an alert, so most teams run new rules in detection mode first and promote them to blocking only once the false positives have been tuned out.
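The WAF paragraph above and this one describe the same engine in two modes, so one added example (not from the original post) serves both: a small signature matcher run over a constructed web access log, once in detect mode (IDS: alert and let the request through) and once in prevent mode (IPS or WAF inline: block). The signatures are deliberately crude and the log lines are made up; the last line is a harmless documentation search that the `union` signature mis-classifies, to show why an inline blocker needs tuning before it is trusted.

```python
"""Added example (not from the original post): one crude signature engine run
in the two modes the post contrasts. 'detect' behaves like an IDS (hits become
alerts, traffic still flows); 'prevent' behaves like an inline IPS or WAF (hits
block the request). Signatures and log lines are constructed."""
import re
from urllib.parse import unquote

# Deliberately simple patterns, one per attack family the post names (constructed).
SIGNATURES = {
    "sqli":      re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I),
    "xss":       re.compile(r"<\s*script\b", re.I),
    "traversal": re.compile(r"(\.\./){2,}"),
    "union":     re.compile(r"\bunion\s+select\b", re.I),
}

# Common Log Format: client, ident, user, [timestamp], "METHOD PATH PROTO", status
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed access log using documentation IP ranges only.
SAMPLE_LOG = """\
203.0.113.9 - - [10/Mar/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [10/Mar/2021:10:01:05 +0000] "GET /login?user=alice&pass=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 88
198.51.100.4 - - [10/Mar/2021:10:02:11 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 211
198.51.100.4 - - [10/Mar/2021:10:02:13 +0000] "GET /static/../../../etc/passwd HTTP/1.1" 404 12
192.0.2.17 - - [10/Mar/2021:10:03:00 +0000] "GET /search?q=union%20select%20tutorial HTTP/1.1" 200 1304
"""


def classify(path: str):
    """Name of the first signature matching the URL-decoded path, else None.
    Decoding first matters: attackers percent-encode to slip past naive matching."""
    decoded = unquote(path)
    for name, pattern in SIGNATURES.items():
        if pattern.search(decoded):
            return name
    return None


def scan(log_text: str, mode: str) -> list:
    """One event per parsable log line. mode='detect' (IDS) alerts and passes;
    mode='prevent' (IPS/WAF) blocks on a hit. Unparsable lines are skipped here;
    in production they deserve an alert of their own."""
    if mode not in ("detect", "prevent"):
        raise ValueError(f"unknown mode {mode!r}")
    events = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        sig = classify(path)
        action = "pass" if sig is None else ("alert" if mode == "detect" else "block")
        events.append({"ip": ip, "method": method, "path": path,
                       "status": int(status), "signature": sig, "action": action})
    return events


def summary(log_text: str, mode: str) -> dict:
    """Count of actions taken, the number an analyst looks at first."""
    counts = {"pass": 0, "alert": 0, "block": 0}
    for event in scan(log_text, mode):
        counts[event["action"]] += 1
    return counts


if __name__ == "__main__":
    for event in scan(SAMPLE_LOG, "detect"):
        print(f'{event["action"]:5s} {event["ip"]:14s} {str(event["signature"]):9s} {event["path"]}')
    print("detect :", summary(SAMPLE_LOG, "detect"))    # {'pass': 1, 'alert': 4, 'block': 0}
    print("prevent:", summary(SAMPLE_LOG, "prevent"))   # {'pass': 1, 'alert': 0, 'block': 4}
```

In detect mode the fifth line is merely a noisy alert an analyst can dismiss; in prevent mode it is a legitimate user who could not load a page. That difference, not the matching logic, is what separates an IDS from an IPS operationally.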
The pandemic has created a lot of challenges in cybersecurity, but it has also created an opportunity for security professionals to learn about how to best protect their network by using the Defense in Depth strategy. As the population continues to monitor their symptoms and avoid exposure to the virus, organizations should also continue to monitor their networks and add layers of protection that will keep their data and assets secure.
What measures have you taken to protect yourself from COVID-19, and how can they be applied to information security? Please share your thoughts and experiences or leave feedback on my observations. I would love to hear from you.