Defense-in-depth applies layers of controls and mitigations to systems and networks, providing redundancy and reducing the likelihood of a successful cyberattack or a single point of failure. Many U.S. State, Local, Tribal and Territorial (SLTT) organization networks are already protected by cybersecurity technologies. But while technology plays an important role in protecting SLTTs, it is only one layer of the defense-in-depth strategy. Simply stated, technology alone isn't enough.
A defense-in-depth strategy protects the confidentiality, integrity, and availability of the network and the data within. It is beneficial to adopt this strategy because it:
While no individual mitigation can stop all cyber threats, the systems in a defense-in-depth strategy provide protection against a wide variety of threats while incorporating redundancy in the event one mechanism fails. When successful, this approach significantly bolsters network security against many attack vectors.
A defense-in-depth strategy requires a wide range of security best practices, tools, and policies that strengthen an organization's security posture. Some of these tools include firewalls, an intrusion detection system (IDS) or intrusion prevention system (IPS), endpoint detection and response (EDR) software, and more.
While government organizations recognize the importance of incorporating crucial mechanisms to enhance their cybersecurity, time and resources are always a challenge. Obtaining services from outside sources may be necessary in order to build a strong cybersecurity program.
For example, U.S. SLTTs can join the Multi-State Information Sharing and Analysis Center (MS-ISAC) at no cost. The MS-ISAC is designated by DHS as the cybersecurity ISAC for SLTTs. It provides services and information sharing that significantly enhance SLTT governments’ ability to prevent, protect against, respond to and recover from cyberattacks and compromises.
The Center for Internet Security (CIS), in partnership with Accenture, provides Managed Security Services (MSS) to help U.S. SLTT organizations improve their cybersecurity. These services monitor SLTT devices for signs of malicious or anomalous activity, eliminate false positives, and escalate only actionable items as an alert. This alleviates alert and log fatigue by filtering out all of the false positives and alerting only on what is impactful. The elimination of false positives saves an organization time and effort in reviewing potential threats. As a result, organizations spend more time focused on their core mission and less time worrying about cybersecurity.
Benefits of MSS from CIS include:
MSS provides a valuable expansion of insight, saves time and resources for government organizations, and alleviates information fatigue, all while supporting a defense-in-depth strategy.
This content is made possible by our sponsors; it is not written by and does not necessarily reflect the views of e.Republic’s editorial staff.