Defense in Depth v. Defense in Diversity

Defense in Depth v. Defense in Diversity. Are too many tools hindering your Cyber Security efforts?

Cyber Security Teams serve an important role in maintaining the security and availability of the mission-critical information systems that drive the majority of medium and large businesses. The combination of staffing constraints, evolving cyber risks, business growth, and technical debt has forced many security practitioners to choose which priority projects to work on. All too often this leads to business delays, compliance violations, employee burnout, and/or data breaches.

Defense in Depth has long been a critical security design principle that layers a series of security controls. A good analogy is that of securing your home. You may start with a gate and fence around your home. Should a would-be thief manage to hop the fence, he needs to figure out how to gain entry through a locked door. If he proves up to the task and defeats the lock, he must then contend with an alarm, the family dog and finally a safe, before he can escape with your grandmother’s pearls. The more hurdles in play, the more likely the bad actor will be deterred, detected and/or stopped. This is Defense in Depth. But does it work? Anyone on the front lines will agree that it does, but it is not foolproof, and its challenges are many:

  • Labor expense/inefficiency resulting from the volume of tools security teams must become experts in.

  • Asking your team to be a jack of all trades and master of none can be stressful and lead to mistakes and burnout.

  • Lack of Integrations. Traditionally these tools have not worked well together, requiring countless hours/months/years stitching them together within a SIEM.

  • Longer investigations and response times.

  • Inefficiency of managing many vendor relationships.

  • Licensing costs.

Fortunately, a few established security providers have recognized these issues and, through development and/or acquisition, begun offering comprehensive cyber solutions that provide the technical toolset to address EDR, DLP, IPS, SOAR, Firewall, Remote Access, and Vulnerability Management within a single, integrated ecosystem. Many CISOs will argue that having your eggs in one vendor basket is in itself a security risk. To some degree this is true. My counter to that would be to look at the volume of data breaches. They are only increasing. Objectively consider whether the 10 bespoke products in your Defense in Depth strategy are working as they should. Do you have the right people administering them? Do they give you a clear picture of what is going on? Do they allow you to take immediate and effective action? Could you free time for yourself and your team if you had fewer relationships to manage and fewer invoices to pay? Would the efficiencies of consolidation enable you to be more focused on new business initiatives and ultimately more successful in your goal of mitigating cyber risk?

If you have renewals coming up, I encourage you to consider evaluating your existing toolset against a comprehensive solution. Providers will be eager to give you trial licenses for 30-60 days, which is ample time to configure and evaluate the solution side by side with your existing tools, with the help of your Red Team/Purple Team. With the right partner I expect you will realize the benefits of improved detection, efficiency and simplicity. You may even find you make it home in time for dinner a few times a week.
