Defense in Depth: The First Step to Security Certainty

Bad actors are constantly coming up with ways to evade defensive techniques put in place by government agencies, educational institutions, healthcare providers, companies and other organizations.

To keep up, network security needs what’s known as “defense in depth” — a strategy that leverages different security solutions to provide robust and comprehensive security against unauthorized intruders.

Think about securing your house — locks on your doors only protect your doors. But if you have locks on your doors and windows, a high fence, security cameras, an alarm system and two highly trained guard dogs, you have what we call “defense in depth.” The same goes for networks. When it comes to building a defense-in-depth strategy for your network, the first and most important feature is visibility — knowing what is on your network.

Why Visibility? Because You Can’t Protect What You Can’t See

If you can’t see it, you can’t protect it — it’s obvious if you think about it.

Without understanding the devices, hardware, software and traffic that are running on a network, security professionals are working with one hand tied behind their back — forced to react to threats as they arise from unknown vectors instead of being able to pre-emptively manage and control the threat surface as a whole.

Indeed, without this kind of visibility, we have no idea how large the attack surface even is. Every device that we can’t see is a security threat — whether intentional (a malicious actor) or not (an unpatched device) — and defense in depth becomes impossible.

The ‘Eye’ in DDI

With visibility, we typically talk about being able to understand the end devices that connect to a network — computers, smartphones, IoT devices and the like.

To get this kind of visibility, we can use IP Address Management (IPAM) — which together with DNS and DHCP is one of the core network services that make up DDI — to get a comprehensive picture of who is connected to the network.

Technically speaking, IPAM is a database of the allocated IP addresses across a network which, over time, lets you see who had what IP address and when. IPAM is a critical part of defense in depth.

This information gives us the ability to hunt down alerts and quickly figure out which device is generating malicious traffic, allowing us to rapidly resolve the threat.
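An added example, not part of the original article: a minimal lease-history lookup showing how a record of who held which address and when turns an alert's (IP, timestamp) pair into a device, including the case where the address had been reassigned or was unallocated. The lease records, field layout and function names are constructed for illustration and do not reflect any particular IPAM product.

```python
from bisect import bisect_right
from datetime import datetime

# Constructed sample history: (ip, mac, hostname, lease start, lease end), all UTC.
LEASES = [
    ("10.0.5.23", "aa:bb:cc:00:00:01", "laptop-hr-04",
     "2024-03-01T08:00:00+00:00", "2024-03-01T16:00:00+00:00"),
    ("10.0.5.23", "aa:bb:cc:00:00:02", "iot-camera-7",
     "2024-03-01T16:05:00+00:00", "2024-03-02T16:05:00+00:00"),
    ("10.0.5.40", "aa:bb:cc:00:00:03", "printer-2f",
     "2024-03-01T09:00:00+00:00", "2024-03-08T09:00:00+00:00"),
]

def build_index(leases):
    """Group lease records by IP and sort each group by start time."""
    index = {}
    for ip, mac, host, start, end in leases:
        index.setdefault(ip, []).append(
            (datetime.fromisoformat(start), datetime.fromisoformat(end), mac, host))
    for records in index.values():
        records.sort()
    return index

def who_had(index, ip, when):
    """Return (mac, hostname) that held `ip` at time `when`, or None."""
    records = index.get(ip, [])
    ts = datetime.fromisoformat(when)
    # Last lease that started at or before the alert time.
    pos = bisect_right([r[0] for r in records], ts) - 1
    if pos < 0:
        return None
    _start, end, mac, host = records[pos]
    # The same IP is reused over time; an expired lease must not be blamed.
    return (mac, host) if ts < end else None

def attribute_alerts(index, alerts):
    """Resolve each (ip, timestamp) alert; unresolved ones are a visibility gap."""
    return [(ip, when, who_had(index, ip, when) or "NO LEASE ON RECORD")
            for ip, when in alerts]

if __name__ == "__main__":
    idx = build_index(LEASES)
    # Constructed alerts: same IP, two different owners, then a gap between leases.
    for row in attribute_alerts(idx, [("10.0.5.23", "2024-03-01T10:00:00+00:00"),
                                      ("10.0.5.23", "2024-03-01T17:00:00+00:00"),
                                      ("10.0.5.23", "2024-03-01T16:02:00+00:00")]):
        print(row)
```

An alert that resolves to no lease is worth following up in its own right: traffic from an address nobody was allocated points at a device the inventory does not know about.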

Understanding the Attack Surface

Knowing what devices are connected to your network is only part of the visibility story. The other side is knowing what devices make up your network — the switches, routers, access points and other physical hardware that enables devices to connect and share information with one another. This threat vector is often forgotten or overlooked simply because these devices are often put into the network, set up and forgotten. They don’t need much attention because they just need to work.

But understanding them is extremely important to a defense-in-depth strategy. The networking team needs to be able to install, configure, update and secure these devices, but the security team also needs to be aware of what is out there and how it is protected.