Talk to an expert
BLOG

Four Pillars of Network Security

By Lumifi Cyber  |  January 1, 1970

Every organization is working hard to possess a "strong security posture." But what does that mean? A strong security posture, means you possess a healthy quantity and quality of Information Security Experts (Human Beings) and Information Security Tools (Technology/Products). Information Security Experts are leveraging Information Security Tools to prevent attacks before they happen, protect the organization in case an attack does happen, detect attacks that go unnoticed, and respond accordingly.

Every security posture is built on four pillars:

1. Prevention - preparing and training before a threat/attack 

2. Protection - stopping a known threat/attack

3. Detection - detecting an unknown threat/attack

4. Response - taking action towards a threat/attack

Prevention

What does, "Prevention," mean in Information Security? Prevention focuses on preparation, simulation, testing, and training. The goal of Prevention is to educate your employees on common attacks, and hopefully through that training and simulation they will be more prepared to handle real life attacks. Prevention for example includes:

  • Employee training - How to Identify...
      • Phishing
      • Malware
      • Social Engineering
  • Penetration Testing - Hiring a Certified Ethical Hacker to "hack" a specific network/system and expose potential vulnerabilities in order to show you how to prevent this type of attack.
  • Vulnerability Assessment - Scanning your assets to discover which ones are vulnerable to an attack, and which devices have not been patched.
  • Table Top Exercise - Hiring a team of Information Security experts to sit down with your key stakeholders and simulate an attack and expose the type of response or lack there of.

Prevention always gets a lot of attention because the idea of stopping an attack before it starts sounds awesome in theory. However, the reality is Prevention has failed because no amount of training can prepare an organization for an attack they never saw coming. The threat landscape is so dynamic that it is literally impossible to stay ahead of the latest attack vector. This is one of the many reasons why there is no silver bullet in Information Security.

Protection

What does, "Protection," mean in Information Security? Protection focuses on stopping a known attack. The goal of Protection is exactly that, to protect you from a known threat by being able to take action before, during, or after an attack to secure the organization. There are hundreds of products and tools that claim they can block threats or stop an attack, and while some of them do work it is often contingent upon several factors. The idea of stopping an attack is an appealing one because it makes us feel like we have control. The reality is "Protection," is elusive and there are an infinite amount of ways an attacker can get through or go around a Protection tool. Furthermore, anytime you start dealing with tools or products that can block network traffic, it can potentially have an impact on normal business processes. Protection for example includes:

  • Firewalls
  • Antivirus
  • Endpoint Protection
  • Geo-blocking
  • DNS Filtering

If Prevention and Protection were enough to stop Cyber attacks; Information Security wouldn't be the fastest growing sector in Tech, and more specifically, Detection and Response wouldn't be the fastest growing sub-sector in Information Security.

Detection & Response

The fact is, Detection and Response have been deemed the highest priority by almost all Information Security Professionals. All of the organizations that were breached in the past had a Prevention and/or Protection tool in place and they still fell victim to an attack. Which is why most organizations have accepted the fact that they can not prevent and protect against attacks. In fact, their resources are better spent detecting an attack and responding accordingly, as opposed to having a false sense of confidence. Detection and Response tools are known as:

  • SIEM - Security Information Event Management
  • SOAR - Security Orchestration Automated Response
  • Log Management - Storing and managing logs
  • IDS - Intrusion Detection System
  • UEBA - User Entity Behavioral Analytics

The root of the problem

The challenge is most organizations don't have the resources to focus on every aspect of Information Security so they have to start prioritizing which pillar they would like to invest in and which one they want to outsource. There are three ways of achieving a strong security posture.

  1. Build it in house
  2. Outsource it
  3. Combination of both

For most organizations leveraging a combination of in house security practices and outsourcing the more complex and expensive practices is the perfect blend. Outsourcing can be confusing because Information Security is already a complex topic, but on top of that, for the past 15 years it has been a booming industry and it has attracted a lot of well funded organizations who have all spawned their own catch phrase. "SOC as a Service," "MDR (Managed Detection and Response)," "MSSP (Managed Security Service Provider)" and my new favorite, "Threat Hunting." All of these phrases essentially mean the same thing. It means you have a human being or a team of human beings who are experts in Computer Networking and Information Security and they leverage a set of tools/technology/products to detect unknown threats to an organization and respond accordingly to ensure the organization stays secure.

The solution

Organizations who focus on Prevention and Protection in house, and outsource Detection and Response have the strongest security posture, with the most amount of control and the least amount of capital expenditure.

 

By Lumifi Cyber

Topics Covered

Share This

Subscribe for Exclusive Updates

Stay informed with the most recent updates, threat briefs, and useful tools & resources. You have the option to unsubscribe at any time.

Related Articles

Privacy PolicyTerms & ConditionsSitemapSafeHotline
magnifiercrossmenuchevron-down