Connect with us

Hi, what are you looking for?


Management & Strategy

Skill: The Most Important Layer of Defense in Depth

In Network Security We are Always in a Battle of Wits Against the Attackers…

This week marks the official start of a new school year and all that comes with it. Personally, I was always in that strange group of kids that looked forward to the beginning of school.

In Network Security We are Always in a Battle of Wits Against the Attackers…

This week marks the official start of a new school year and all that comes with it. Personally, I was always in that strange group of kids that looked forward to the beginning of school.

Of course a new year always presented an opportunity for a fresh start, but more than that, the beginning of school brought that unique blend of excitement and apprehension that comes when you are forced to learn something completely new. It may not always be fun, but we all recognize as a culture that education is critical to our success, and as individuals we emerged more prepared and capable of handling new challenges.

Importance of Skilled Staff in IT SecurityThis is why I think it is particularly ironic that education and training has gotten short-shrift in many IT security organizations. Needless to say information technology is one of the most rapidly evolving disciplines on the planet where new devices, applications, networks and technologies seemingly spring up over night. IT security has the Sisyphean task of making sure all that new technology actually works, without putting the enterprise at risk. It seems pretty clear that the professionals responsible for security are continually learning and have some of the greatest need for ongoing education and training, and yet in many cases its an area that simply doesn’t get the attention it deserves.

It’s easy to understand how this happens. For more than a decade, IT security teams have been constantly tasked to “do more with less”, which has led to reductions in security staff and a reliance on automated processes. Obviously, being efficient is a good thing, and many of the gains in this area are very real. Yet at the same time, without the human skill and intelligence, those automated systems can simply generate massive amounts of data in lieu of actual understanding.

This is a good time to note that last year’s Verizon Data Breach Report found that 86% of breaches showed evidence of the attack in the security logs, yet only 5% of breaches were detected this way. Data and intelligence are obviously different things and it takes well-trained security professionals to understand and get the real value out of security solutions. Those professionals also need to understand the underlying technologies so that they can make informed product decisions and keep security vendors honest.

It’s also important to remember just how the threat landscape has changed in the past few years. While security teams have learned to run lean and automate, attackers have become well-funded, targeted, and patient. Targeted attacks have become somewhat mainstream, affecting organizations from all industries. Trade secrets, intellectual property or even customer or partner data have all been targeted by attackers. What these attacks all share in common is that they are driven by focused attackers, who go to great lengths to avoid detection. And this is the crux of the problem. On the attacker side, you have flesh and blood human intelligence focused on avoiding detection, and on the IT security side you have fewer humans who are typically overworked and undertrained. This is an asymmetric conflict where the bad-guys hold the advantage.

Ultimately, enterprises can only stem this tide by once again incorporating training and ongoing education into their defense in depth model. Most organizations invest heavily in defense in depth with multiple layers of security controls that each provide additive and complementary value. However human intelligence and skill is still the thing that makes those layers greater than the sum of the parts, and arguably the most important aspect of defense in depth.

Advertisement. Scroll to continue reading.

It’s also important to remember that investing in people doesn’t just mean getting a certification. It also means that we need to ensure security professionals have the time to actually put those hard-earned skills to use. They need to investigate, dig into anomalies, and piece together multiple sources of data in order to see the big picture. Simply knowing how to play chess doesn’t help if you aren’t afforded the time to play the game, and the same is true for security.

Organizations will never have enough people to do all the things that would want in an ideal world, and operating efficiency will always be at a premium. However, we have to remember that in network security we are always in a battle of wits against the attackers, and today the best counter-measure for an intelligent attacker is still an intelligent defender. All in all, focusing on the human layer of defense in depth requires CIOs and CISOs to find the right balance.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...