Defense in Depth – The Importance of Leveraging a Network Digital Twin

January 14, 2021 by Leslie Provenzano

There are many layers of security involved in protecting a network and building out the cyber defense strategy. Security layering is both important to implement and complex to manage.

Today we will discuss a defense in depth strategy focused on risk mitigation using a network digital twin.

Defense in Depth and Risk Management

First, let’s dive into what we mean when we talk about layers, or, defense in depth. Defense in depth is an assurance strategy for IT systems originally developed by the National Security Association and named after a well-used military tactic that involves slowing down an advancing enemy using multiple barriers. Employing defense in depth involves a few core tactical elements. For one, there is a concept that defense in layers creates redundancy in case of failure of one or more barriers. For another, there is the concept that multiple defense layers reduce the probability of a breach by requiring more time, effort, and resources on behalf of a would-be attacker, thus acting as a deterrent.

All these elements can be modeled using a network digital twin.  A network digital twin is a virtual representation of a communication network which accurately models the devices, communication links, operating environment, and applications running on the network. A network digital twin can play a major role in the planning and deployment of an effective and cost-efficient defense in depth strategy for a variety of IT systems – from battlefields to financial services and critical infrastructures.  Using a network digital twin, operators and planners can safely experiment with different solutions of a proposed defense in depth strategy, and determine the optimal configuration for protecting their networks.

A network digital twin directly supports migration towards a risk management approach for mission-critical systems. In the past, the concept of risk avoidance used to be the primary driver for an organization’s cybersecurity strategy. First, cyber attacks have become more advanced and hackers more sophisticated. Malware is easier to deploy and phishing is more common than ever before. Ransomware, data breaches, email spoofing, man-in-the-middle attacks, domain hijacking, zero-day exploits, advanced persistent threats – there is a new villain every day. Second, network systems are changing in a way that increases vulnerability. In the days of physical data centers, a basic firewall combined with some physical security like badges and door locks would be sufficient. Now, information stored online in the cloud creates new, mounting risks. Throwing web apps, mobile work, and the Internet of Things into the mix opens up new types of vulnerabilities that can be more easily exploited to gain an entry into otherwise securely protected corporate IT networks. Even a single vulnerability could be exploited in many ways.

Given  the rapidly changing landscape of cyber threats, our goals must shift from total security towards a risk management and risk mitigation stance and away from total protection of the IT system and towards minimizing impact on business- and mission-critical operations. What’s the best scheme to guard the privacy and accessibility of the network and data? How can operators and planners determine the optimal configuration for their network so as to best balance the needs of security and accessibility by authorized users?   Once again, a network digital twin provides a cost-effective tool to make such assessments prior to an expensive and potentially disruptive deployment.

Why Layers are the Answer

Perhaps the most difficult aspect of following cybersecurity best practices – or any best practice – is that it’s a moving target. Methods and tools are constantly evolving. The good news is that defense in depth takes this into account. The approach presupposes that no single technique can shield against every type of attack. Defense in depth means securing each potential point of compromise using several varying – and sometimes overlapping – methods. Depending on multiple levels of defense both decreases the probability of a breach and increases the likelihood that unauthorized actions will be detected.  A primary challenge with effective use of defense in depth becomes evaluating the different layers, testing them, and adjusting them as needed to improve the defensive posture .

Let’s look at an example to understand how the tiers can come together to protect a networked system, and also how such a method may create operational obstacles for the attacker. For network security, if a firewall is penetrated the offender can be detected and stopped using an Intrusion Protection System (IPS). If this second layer fails, the attempted malware install can be removed by an antivirus platform. A firewall, IPS, and antivirus software work together as three layers of security greater than the sum of their cyber-parts. A web security example may look a little different, where a protection plan might translate into using a web application firewall alongside antivirus and antispam security tools. So, in creating a secure network, different components must now be managed in sync – IPS, firewall, antivirus, and antispam in this case.

Benefits of a Network Digital Twin

A network digital twin serves as an effective planning, training, and assessment layer to maintain and enhance the security of the IT system. By creating a network digital twin, all aspects of the system can be tested and all personnel can be trained in a safe environment. The interactive twinned system allows for precise evaluation of performance, scalability, and resilience. It’s a layer that can be wrapped around all others to appropriately balance system responsiveness, performance, and security.  After all, defense in depth is not a specific set of tools deployed in a certain way, it’s a philosophy toward how security investments should be optimized and adjusted – so every system is unique.

Organizations need to first evaluate, then decide on the best custom set of layers for protection. The initial step is to audit all devices, files, applications, and personnel. Then, assess vulnerabilities based on importance. Isolate the most crucial data and prioritize its storage and access. Next, investigate which security layers are needed to manage risk most effectively. This will likely involve data integrity solutions, behavioral analysis, endpoint detection and secure web gateways. The situation may also call for a combination of patch management, backup and recovery measures, principle of least privilege implementation, encryption, network segmentation. It may even result in Security Information and Event Management or Identity and Access Management programs.

While this may seem overwhelming, using a network digital twin will reduce recurring costs and lead times while providing an easier way to perform analysis, testing, and optimization.. As new protocols, technologies, and demands arise – from 5G to IoT to V2X – the system will adapt and evolve smoothly because potential interoperability issues and vulnerabilities will have been tested and simulated beforehand.

Where single lines of defense and risk avoidance used to be a reliable strategy for cybersecurity, moving confidently into the future means implementing layers of security using a depth in defense approach that aims instead for risk management. As your layers grow, work with SCALABLE’s EXata network emulator software to ensure you are using the easiest way to analyze, verify, and optimize your cybersecurity network.