What does "layered security" really mean?
The idea of “layered security” is central to some of the most relevant ideas in cybersecurity today – it's a way to understand the philosophy behind moving beyond the perimeter in cybersecurity defense.
At its core, layered security means adopting an approach using various different security tools that address different possible vectors of attack. Some experts use the phrase “defense in depth” to start to describe and define how layered security works.
Another way to think about this is with a kind of chart or drawing of attacks coming from all sides against a physical container, with sensitive information or assets at its core. Rather than just having one strong outer perimeter, a layered security approach would add layers inside that perimeter. The theory is that any attacks that penetrated the perimeter would be slowed down or mitigated by other layers inside, so that fewer and fewer attacks reach the inner core of the system.
In computer science, this works a bit differently, but the core idea is still the same. Cybersecurity experts will add tools like anti-virus and anti-malware programs, as well as hashing and encryption systems, multi-factor authentication systems, and deep inside the network, things like threat assessment tools and detailed audit logs for various kinds of network activity. Part of the new frontier of layered cybersecurity is the idea that machine learning tools can work to differentiate suspicious network activity from other routine and legitimate network activity.
It's important to avoid confusing the term “layered security” with terms for the build of a network or system. For example, a network is comprised of various OS “layers,” but that's not what layered security refers to. Likewise, encryption for internet activity utilizes Secure Sockets Layer or SSL and Transport Layer Security or TSL, but although these encryption technologies may have multiple layers, this is not what most IT experts are talking about when they talk about layered security. Again, they're addressing that key idea of building systems that have different security layers in them, to minimize the success of cyberattacks.
Another example is the use of a firewall at the perimeter of a system, along with endpoint security protocols, but also combined with inner resources such as vulnerability scanners, interior threat assessment tools, and network segmentation tools that all helped to close off or isolate attacks that have made their way inside the system.
Some experts will also compile sets of words to describe their own layered security concepts – for instance, Rob Sobers, a Quora poster, defines various applications of network layers including including the “human layer,” the “physical layer,” the “endpoint layer,” the “network layer,” the “application layer” and the “data layer.” A reference guide to layered security goes into more detail about this particular layered security concept.
One of the biggest new applications to layered security is artificial intelligence. Scientists are trying to harness the power of emerging artificial intelligence and apply it to cybersecurity, as mentioned above, with heuristics tools, combined with audit logs that will look at network behavior and try to predict which user events may constitute a cyberattack. These tools have gone a long way toward refining and improving network security for systems.