The Biggest Threats to Your Security Network - #2
#2. The "One-Big-Wall" Security Structure
It is in no way defeatist to say, though it's likely no fun to hear, that at some point, the big, bad outer wall of your security will be breached.
So the point of building your security must be centered on a belief that technology and staff are equally fallible. At some point, something is going to get through - no matter how much confidence is inspired by your slick new software. This assumption is where security work begins. A strong security solution is one that does not rely on one, unscalable wall; strong security is built will fallbacks and stops within each wall.
The problem is, most security networks are not built like a fortress. They're more often built like an egg: an extremely hard layer of security and nothing beyond it to protect the soft inside.
Ideally, getting through the first wall of a security setup shouldn't get a hacker much access. In our work as a security assessment service, we find that most networks, once breached, are wide open within. Once a malicious entity get a foothold inside, they'll be able to get access to anything they need or want.
In layman's terms, security should be provisioned in layers. After gaining something like username/password access into your inside network, intruders should have to jump through hoops to get in deeper. Detection policies should be set up at each level to catch and eliminate malicious presences.
Essentially, if you're spending all of your resources on your outer wall, you're making a dangerous gamble that will likely grant a free lunch to any hacker that makes it through.
Rather than expending 100% of your time and resources on keeping a hacker from getting in, steps should be taken to stop a hacker who has already gotten in.