- 1.866.352.6691 | INTL 1.512.821.6000
Verifying Your Defense in Depth Strategy: From Hannibal to Today
Imagine standing on the battlefield in Cannae (Italy) in 216 B.C. during the Second Punic war. The Roman army has deployed 87,000 troops to crush Hannibal (see image) once and for all, but Hannibal had a different plan. He started to encircle the Roman army all at once, eliminating a central point of attack. This strategy slowed the Roman army down just enough to allow Hannibal's troops to pick them off one at a time. The Battle of Cannae is one of the most celebrated military feats and was one of the first recorded examples of "defense in depth".
Today we use Defense in Depth as a technical implementation strategy in order to slow down a network attack, buying you time to eliminate the threat and reduce the probability of a single-point of security failure. The logic remains the same as Hannibal, but the effective deployment of a Defense in Depth strategy can be very challenging. You not only have to eliminate potential gaps and have a variety of systems work together, but you must also sustain performance levels for applications and services. Hannibal had it easy dealing with 10 Roman Legions!
Search around on Defense in Depth and you'll find some terrific white papers, including this overview from the NSA, outlining the strategy and supplying some best practices. Unfortunately, information on how to properly verify that your implementation is going to actually work is not readily available. Verifying Defense in Depth involves not only examining the plan and using best practices, but also simulating a global network; the good, the bad, the ugly and the unexpected. This traffic simulation must then be thrown at both the individual defenses and the network as a whole. Rome could have used some more realistic battle simulations prior to Cannae, the outcome would have been different!
On this topic, BreakingPoint is hosting a webcast on September 17th, "Operational Management and Cyber Simulation Techniques to Verify Your Defense in Depth Strategy" with an amazing panel of experts. Details for the event are below, including the link to registration.
Event Details:
- Topic: Operational Management and Cyber Simulation Techniques to Verify Your Defense in Depth Strategy
- Date: September 17, 2009
- Time: 1:00pm CDT
Panel of Experts:
- Dennis Cox, CTO, BreakingPoint
- Jeff Lake, vice president of federal operations, Fortinet
- Bruce Brody, Managing Partner and Executive Vice President, VISKO
During this webcast you will learn how to use the latest operational management techniques and cyber simulation to verify the security and performance of your Defense in Depth strategy including:
- Operational management techniques for planning a Defense in Depth implementation;
- Cyber simulation using real application traffic, live security strikes and line-rate speeds to verify the Defense in Depth implementation;
- How to prevent sophisticated botnets, DDoS attacks and simulate protocol fuzzing in order to recognize malicious or malformed data packets;
- Verifying data leak prevention…and more.
Google+
Tags: