Use Layered Security Features
Learning Objectives
After completing this unit, you’ll be able to:
- Describe how to specify the structure, behavior, standards, and policies of computer networks and their security features.
- Describe how to implement a layered security approach.
- Explain how technology solutions are deployed across the organization.
Build Business and Technology Needs into Products
Let’s say you’re a cybersecurity architect at a financial institution that wants to transition from an on-premise to a cloud-based architecture in order to develop and deploy banking applications faster and save money on operating costs. How can you help achieve these goals in a secure manner?
You’ve already identified your organization’s critical assets and technology landscape, as well as relevant threats and opportunities for improvement. Now it’s time to start planning the cybersecurity architecture that meets the business and technology needs of your organization. It’s your job to translate your chosen architectural framework into a tactical plan to implement.
First, you specify the structure, behavior, standards, and policies of the computer network, and its security features. Think of this like writing a cookbook. You identify all the ingredients, specify how they will be used, and provide a step-by-step plan to put them together to turn them into a cybersecurity masterpiece.
Architect a Layered Security Approach
In a layered security approach, you place protections not just at the perimeter, but throughout the IT environment. This approach ensures that you do not rely too heavily on any one control to safeguard your resources. This concept is also often referred to as defense in depth.
Traditional security approaches relied on a perimeter approach, putting strong protections at the network boundary and focusing on making sure attackers did not enter undetected. Today, savvy cyber practitioners know that it’s impossible to stop all breaches. This is especially true with the complexities introduced by cloud computing and a mobile, remote workforce that blur traditional network boundaries. Traditional boundary protection approaches also are not effective against insider threats. What’s best is to treat the network as untrusted. You implement a full suite of security controls at various technology layers, to make sure you have the chance to catch adversaries if they slip past perimeter controls undetected. You implement controls at the device, user, and even data level.
Let’s look at examples of common architecture trends and their security considerations.
Architecture |
Description |
|---|---|
Zero trust architecture |
This architecture aims to reduce the surface area for attack by implementing layered controls. Rather than treating a network as a trusted space where everything inside has access and focusing on securing the perimeter, this model puts in place controls at the application and user level. It verifies anything and everything trying to connect to its systems before granting access. |
Containers |
A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to the other. Cybersecurity architectures that use containers package software into standardized units for development, shipment, and deployment. This ensures that software always runs the same regardless of the infrastructure. Using a container architecture allows security protections such as firewalls and other hardening tools to be implemented at the application layer. Security operations personnel can focus on proactively eliminating vulnerabilities before they deploy containers. In addition, containers can be made immutable, so that even if an attacker breaches one they will be unable to install or modify software to do their bidding. |
Microservice architecture |
Traditionally, many organizations used monolithic architectures that put all of the functionality of an application into a single process. This meant that scaling the application required replicating the whole thing. Microservices, on the other hand, structure an application as a collection of loosely coupled services, organized around business capabilities. This enables the continuous delivery and deployment of large complex applications, and helps avoid single points of failure and large-scale outages. Each microservice is responsible for a single feature. Similar to containers, instead of having one monolithic system, microservices allow you to build and operate scalable, distributed applications securely. However, it can be harder to secure transactions and distributed communications. This architecture requires developers to play a much more active role embedding security policies when building and deploying applications. In particular, microservices require extra leg work in terms of access control checks. |
Event-driven architecture |
This type of architecture uses events to trigger and communicate between decoupled services, and is common in modern applications built with microservices. An event can be defined as a significant change in state. This type of architecture responds to actions generated by the user or the system. For example, when a consumer purchases an item online, the item’s state changes from “for sale” to “sold”, this is an event. This type of architecture enables services to be scaled, updated, and deployed independently. It also means that if one service has a failure, the rest will keep running. This architecture provides a centralized location to audit your application and define policies, and can restrict which users and resources have permission to access your data. It also enables encryption in transit and at rest. |
Cybersecurity fabrics |
A cybersecurity fabric is an architectural approach to security, enabled by open standards and protocols, that allows an organization to connect and leverage different security capabilities into a unified and coordinated security response capability. Typically, fabric solutions can be easily extended across diverse technology solutions across the organization with third-party integrations all managed within one tool. This is a great benefit when dealing with a large, complex IT environment made up of many different systems that may not easily talk to one another. The fabric provides improved visibility and management of the IT environment. A fabric approach to security assumes that attacks will be successful and cannot be averted. It emphasizes minimizing the time to detect the unauthorized access and the time to isolate the unauthorized actor from doing harm. A security fabric may make use of some of the other approaches discussed here, such as zero-trust, in addition to other tools such as artificial intelligence to automatically prevent threats. |
Intent-based networking |
Intent-based networking is a software that helps translate business policies into network configurations. It allows the cybersecurity architect to configure network changes across the infrastructure automatically, and improves awareness of the network state through data ingestion and analysis. This architecture provides granular insight into users, applications, and devices, with the ability to learn and adapt to network changes. It automates security policies across the entire network, troubleshoots performance issues faster, and detects and mitigates threats, including those in encrypted traffic that are difficult to spot. |
Deploy Your Cybersecurity Architecture
Once you decide on the right mix of security protections for your organization, and where and how they should be implemented, it’s time to start thinking about how to deploy the plan you’ve created. For any particular technology need there are a myriad of tools available. Part of your job as a cybersecurity architect is to advise technology and business leaders in your organization on the selection of new technologies and support migration to new technology environments, such as cloud platforms. To do so, you need to stay abreast of new technology providers so that you can find players in a specific technology space to quickly solve problems. This means you are always learning. You’ll certainly never be bored!
Once you’ve selected a technology solution, you next test a proof of concept before you deploy it across the organization. Think of this as painting a test patch on your wall before painting the whole house. Deploying a cybersecurity architecture is complex, and it’s best to resolve any bugs in a test environment before implementing a technology in your actual organization. This avoids accidentally taking down your company’s network or introducing other problems.
Once you’ve tested and debugged the deployment and implemented in real time, it’s now your job to coach and mentor the organization through using the new technology tools. For example, you might support development teams in designing and maintaining applications using a new containerization or microservices approach. You show them how to secure the new application they want to develop in the most efficient way using the architecture you’ve deployed. This is where you get to see your vision come to life!
Knowledge Check
Ready to review what you’ve learned? The knowledge check isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the function in the left column next to the matching category on the right. When you finish matching all the items, click Submit to check your work. To start over, click Restart.
Great work! In the next unit you learn more about how cybersecurity architects detect risks and monitor the effectiveness of the cybersecurity architecture. Let’s go!
Resources
-
External Site: National Institute of Standards and Technology (NIST) Special Publication 900-53 (Rev. 4) PL-8 Information Security Architecture
-
External Site: Center for Internet Security (CIS): Defense in Depth (DiD)
-
External Site: SANS: Defensible Security Architecture and Engineering
-
External Site: National Cybersecurity Center of Excellence (NCCOE): Zero Trust Architecture
-
External Site: Open Web Application Security Project (OWASP): Security in a Microservice World
-
External Site: Amazon Web Services (AWS): What Is an Event-Driven Architecture?
-
External Site: Fortinet: Security Fabric
-
External Site: Gartner Blog Network: Intent-based Networking
-
External Site: Foresite: Using Secure Containers for Cybersecurity
