Recently, and across subject matter areas, there has been discussion on how to protect and defend against the scourge of cyberattacks. Understanding how the words "protection" and "defense" apply in context is a starting point for establishing the right cybersecurity antidote.
"It's not one or the other, it's both." - The InfoBro
What's a firewall? In the most basic terminology, a firewall is a shield that implements your decisions about what to trust and what not to. Mostly, users rely on the recommendations made by others, a manufacturer or system administrator, to configure the firewall for appropriate protection from the bad guys. A firewall can prevent the bad guys from accessing services offered by your computer or block your computer from accessing things you don't want to allow. Some firewalls block everything for everyone by default and will only forward traffic that you explicitly allow. This is referred to as implicit denial.
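The difference between implicit denial and a permissive default, as an added example that is not from the original post: a first-match rule evaluator run over constructed traffic. The rule set, the port choices and all names (`Rule`, `Packet`, `decide`, `exposure`) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # "in" or "out"
    proto: str       # "tcp" or "udp"
    port: int        # destination port

@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    port: int

def decide(rules, packet, default):
    """First matching rule wins; if no rule matches, the default policy applies."""
    for rule in rules:
        if (rule.direction, rule.proto, rule.port) == (
            packet.direction, packet.proto, packet.port
        ):
            return rule.action
    return default

# Constructed rule set: only what the owner explicitly decided to trust.
RULES = [
    Rule("allow", "out", "tcp", 443),  # outbound HTTPS
    Rule("allow", "out", "udp", 53),   # outbound DNS
    Rule("allow", "in", "tcp", 22),    # inbound SSH
]

# Constructed traffic; none of it comes from a real capture.
TRAFFIC = {
    "outbound HTTPS": Packet("out", "tcp", 443),
    "inbound SSH": Packet("in", "tcp", 22),
    "inbound file sharing (SMB)": Packet("in", "tcp", 445),
    "outbound telnet": Packet("out", "tcp", 23),
}

def exposure(default):
    """Names of the traffic that would be forwarded under the given default policy."""
    return sorted(n for n, p in TRAFFIC.items() if decide(RULES, p, default) == "allow")

if __name__ == "__main__":
    print("implicit deny:", exposure("deny"))
    print("default allow:", exposure("allow"))
```

With the same three rules, the file-sharing and telnet traffic is forwarded only when the default is "allow"; under implicit denial nothing gets through that was not explicitly listed.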
A long time ago, especially in Internet time, Steve Gibson spun up a website to help users of the new technology check the protection profile of their computers. The site is called ShieldsUP! and it has had an impact on the security and privacy of many personal computers. As Gibson states on the website, after the success of the service "The direction of my work was changed forever."
"One afternoon, when I was writing ASPI drivers for the world, I realized that I could check the Microsoft Windows file and printer sharing security of anyone who came by our web site. The rest, as they say, is history. The success of ShieldsUP! focused my attention upon the growing problems of Internet security and privacy. The direction of my work was changed forever." ~ Steve Gibson
Firewalls can be implemented in hardware or software, and they provide strong protection. Like a knight's armor and shield, a firewall is a fixed and critical level of protection from the adversary, but it's only part of a strategically developed defense.
Although protection and defense are quite similar by definition, they differ slightly but significantly in the context of cybersecurity.
Defense is the active and continuously evolving strategy of using all available methods of protection, in a coordinated and effective way, to prevent breaches and compromise. Yes, defenders protect, but they are not, or should not necessarily be, the ones who configure the platforms that implement the defense strategy. This separation frees the defender to analyze and evaluate weaknesses in protection and to plan for a future state of better protection in the aftermath of remediation following a successful threat actor assault.
The cyber kill chain is a conceptualization of how an attacker proceeds to breach a system. The term "defense in depth" means the layering of various methods of protection into a defensive strategy that thwarts an attacker "left of bang" (exploitation), in other words, as early in the kill chain as possible. Defense in depth, informed by other measures of risk evaluation, is also intended to prepare for the remediation that follows a successful exploitation of vulnerabilities, whether those vulnerabilities are technology based or due to human factors.
As with threat actors, cybersecurity defenders must prepare for the inevitable. This is key. Risk management is an essential aspect of defense. You don't need a bottomless pit of money to provide a strong defense, although it helps; what is required is continuous planning for the future. And recognize that nothing is foolproof, because fools are always very ingenious.
Don't lose perspective. It's not only about protection; it's about how protection is used for defense. Keep in mind that no matter how many firewalls and how much malicious software detection you employ, there will be a threat actor that can thwart those protections through various and novel means. The proper perspective, one that can make the whole thing work in your favor, is based on proper context, risk management and planning for the inevitable breach while working toward the future and the best defense.
Defend, Stay safe.