Enterprise cybersecurity is not one thing; it is in layers
I find myself talking to customers that are struggling with what is needed for an enterprise-wide cybersecurity solution. So, I hope this blog can help.
In the old days (I am not that old, but in the early networking days), perimeter security (firewalls, routers, intrusion prevention systems) was the focus of security to keep outsiders from getting in. Then network security, including segmentation and VPNs, came into the picture. Years later, Identity and Access Management (IAM), including authentication and authorization, was introduced. And more recently (again, I am not that old), Endpoint Detection and Response (EDR), application security, encryption, Data Loss Prevention (DLP), and even more recently SIEM and cloud security were added to the mix.
So, enterprise cybersecurity is not a “one-trick pony”. Implementing multiple layers of security, also known as defense-in-depth, is a fundamental strategy in cybersecurity. It involves deploying various security measures across different levels of an organization's infrastructure and systems. Each layer adds a barrier that cyber threats must overcome, thereby reducing the risk of a successful attack.
When I am asked if adding EDR will protect the organization, my answer is "partially". You need to consider your specific environment and strategize on a comprehensive solution. Here are some examples of what needs to be implemented, maintained, and monitored above and beyond EDR: cloud (AWS, GCP, Azure), firewalls, routers, switches, email security, web security, and more. I also highly recommend a robust backup and Disaster Recovery (DR) solution as well as phishing training and awareness for users. You would think that might be enough, right? No. I would also suggest adding Continuous Vulnerability Scanning, tools to map to compliance requirements in real time, external attack surface analysis and protection, and network traffic analysis and alerting for suspicious behavior. And the list will continue to grow as new security technologies enter the market. Pretty long list, isn’t it?
So, the answer is that cybersecurity defense is in layers. A trusted partner can help you strategize based on your specific needs and budget, and help develop a roadmap to get to the ultimate goal: protecting your organization from cyber attacks and recovering quickly if there is a compromise.
My final comment is that if you think that it is unlikely that you will have a cyber attack, market research and statistics show otherwise. For all we know, you may already have a quiet threat cell in your environment, waiting for the right time to get triggered. Taking action now and having a comprehensive cybersecurity strategy and an implementation roadmap is how we can achieve enterprise cybersecurity protection.