In cybersecurity, the layered approach is a security technique that involves protecting information systems by dividing them into multiple levels or layers. The advantage of this approach is that it provides defense in depth, which means that even if one layer is breached, the others can still provide protection. Each of these layers has its own set of security controls that work together to create comprehensive security solutions.
The most common layering scheme includes seven layers:
Physical security
Physical security measures such as locked doors and access control systems help to prevent unauthorized physical access to information systems.
Perimeter security
Perimeter security measures such as firewalls and intrusion detection systems help to prevent unauthorized network access.
Internal network security
Internal network security strategy such as segmentation and network access control help to prevent malicious activity from spreading within the network.
Endpoint security
Endpoint security measures such as antivirus software & host-based intrusion detection systems help to protect individual computers & devices from attack.
Application security
Application security strategy such as application whitelisting and application sandboxing help to protect against vulnerabilities in software applications.
Data security
Data security strategy such as encryption and data leakage prevention help to protect sensitive data from being accessed or stolen.
Education
User education and security awareness training programs help to educate users about cybersecurity risks, security tools and best practices for staying safe online.
Layered Security Approach
The layered approach is an effective way to build a comprehensive cybersecurity program. By implementing security controls at each layer, you can help to protect your information systems from the most common types of attacks.
More Layered Security Options
Firewalls
A firewall is a hardware or software device that filters traffic between two or more networks. Firewalls can be used to block all traffic from an untrusted network, or they can be configured to allow only certain types of traffic.
Intrusion Detection Systems
An intrusion detection system (IDS) is a software application that monitors network traffic for signs of malicious activity. IDSs can be used to detect attacks that are already in progress, or they can be used to prevent attacks by blocking suspicious traffic before it reaches the network.
Locked Doors
Locking all doors that provide access to an information system can help to prevent unauthorized physical access.
Access Control Systems
An access control system is a hardware or software device that controls who is allowed to enter a premises. Access control systems can be used to restrict access to certain areas, or they can be used to allow only certain people to enter a premises.
Segmentation
Segmenting a network into subnets can help to prevent malicious activity from spreading. By isolating different parts of the network, you can help to contain an attack and limit its impact.
Network Access Control
Network access control (NAC) is a security measure that controls who is allowed to access a network. NAC can be used to allow only certain people to access the network, or it can be used to restrict access to certain parts of the network.
Host/Endpoint Security
Host/endpoint security features such as antivirus software and host-based intrusion detection systems help to protect individual computers and devices from attack. This can include Mobile Devices.
Antivirus Software
Antivirus software is a type of security software that helps to protect computers and devices from viruses and other malware. Antivirus software can be used to detect and remove malware, or it can be used to prevent malware from being installed in the first place.
Host-Based Intrusion Detection Systems
A host-based intrusion detection system (HIDS) is a type of security software that monitors a computer or device for signs of malicious activity. HIDS can be used to detect attacks that are already in progress, or it can be used to prevent attacks by blocking suspicious traffic before it reaches the host.
Application Whitelisting
Application whitelisting is a type of security measure that allows only certain programs to run on a computer or device. By whitelisting only trusted applications, you can help to prevent malicious code from being executed.
Input Validation
Input validation is a type of security measure that checks user input for malicious content. By validating user input, you can help to prevent malicious code from being executed on a computer or device.
Encryption
Encryption is a type of security measure that helps to protect information from being accessed or modified by unauthorized users. Encryption converts data into a format that can only be read by authorized users.
Data Backups
Data backups are copies of information that can be used to restore lost or damaged data. Data backups can be stored on external storage devices, or they can be stored in the cloud.
The cybersecurity landscape is constantly changing, and new cyber threats are emerging all the time. By using a layered approach to cybersecurity, you can help to protect your information from these cyber threats. By implementing security measures at each layer of the network, you can create a defense-in-depth strategy that will help to keep your valuable data safe.