Work on your core in 2024

A solid strategy for cyber defence in depth has historically been likened to an onion, with each layer representing a different security challenge relating to People, Perimeter, Network, Endpoint, Data and Core. Such layered resilience is designed to ensure that if one layer fails, there is another to protect the organisation. While this strategy is still applicable, the nature, scale and anatomy of modern cyber-attacks mean things can be a lot more complicated today, and your technical cyber defences are set to be challenged more than ever.

At the Cyber Centre of Excellence (CCoE), we prefer to consider defence in depth less as individual layers and more as interlocking bricks in a wall, each providing increased strength to the others. For example, consider the effect people can have on your technical defences: on one hand they can be your strongest asset, but on the other they can be your weakest link. Even the strongest firewall defences are worth little if a member of staff downloads a piece of malware or succumbs to a phishing attack and/or provides important security credentials. In this way, training and password management are as important as selecting the right firewall or Endpoint Detection and Response (EDR).

The advent of Artificial Intelligence was hailed by many as a boost to the cyber defence industry, with potential improvements in network security and fraud detection. But it appears to have boosted the attackers far more than the defenders: increasing the speed and complexity of attacks, optimising phishing through vastly improved social engineering techniques, giving a larger number of less skilled attackers access to malicious code, and providing the ability for automated malware to be executed at scale.

Despite many organisations adopting a defence in depth approach, the challenges for those responsible for organisations’ IT security are increasing. Daily headlines remind us that cyber-attacks are becoming more frequent and more sophisticated, and are regularly breaching the defences of even the largest and supposedly best-protected organisations. The proliferation of polymorphic malware, which, as soon as it hits, changes time and again to avoid detection, is proving too difficult for EDR systems to defend against, leaving the data and systems at your Core – the place containing your mission-critical data and operations – highly vulnerable. If cyber attackers manage to reach your Core – their ultimate aim – it is like giving them an ‘access all areas’ pass to the crown jewels.

Of course, you must have robust physical, technical, and administrative processes and controls in place, but if there is one ‘brick’ that can be strengthened more than others to protect your Core it is Endpoint Security.

We are all used to having an EDR in our defence wall, even if it is only the standard Windows Defender, which comes as part of all Windows 10 and above installations and is an effective defence tool against many cyber-attacks. However, to defeat the latest zero-day and polymorphic attacks, an additional, different technology is required – one which, unlike EDR, does not rely on detection or pattern-matching technologies but instead controls and guards your systems, monitoring malicious access to operating system processes, memory and the registry, and preventing malicious program execution.

AppGuard, a patented zero-trust endpoint protection technology developed in the US defence environment, is that technology and it has been made available at subsidised prices through the collective purchasing power of the CCoE.

If you’d like to find out how AppGuard can protect you from the latest threats, please contact enquiries@ccoe.org.uk or visit www.ccoe.org.uk

Colin Jupe is a member of the CCoE Advisory Forum. He is the CEO of Assurity Systems, a company which provides advanced cyber security solutions to a variety of sectors, including local government. Assurity Systems is the European distributor of AppGuard, a patented zero-trust endpoint protection technology developed in the US defence environment.
