Cover image for Modern Defense in Depth

Modern Defense in Depth

Author Stephen Gates
Release Date: 2019/04/01
ISBN: 9781492050360
Topic:
0%
10
Chapters
0-1
Hours read
0k
Total Words
    Start Reading Now    
       Add to Wishlist       
View table of contents

Book Description

Despite deploying the latest security technologies, organizations still struggle to defend cloud-based web applications against sophisticated cyberattacks. Many companies have turned to the popular defense-in-depth (DiD) technique, but this multilayered approach has its shortcomings. So where is the industry headed next? This insightful ebook demonstrates a new approach to DiD that enables current security tools to operate in concert rather than independently.

Stephen Gates, edge security evangelist and SME at Oracle Dyn, shows you how companies can establish integrated lines of defense similar to the way in which modern militaries operate on the battlefield. By the end of this book, CSOs, CISOs, security managers, and other professionals will understand how to implement the recommendations in this book today using the security technologies they already have in place.

With this ebook, you’ll examine:

  • Why today’s security technologies alone aren’t enough to protect web applications
  • How the existing approach to DiD for cybersecurity falls short of its goals
  • An example of how the modern military uses integrated lines of defense that work in concert
  • Eight lines of defense—including edge routers, DDoS defenses, and WAFs—that are best for protecting cloud-based web applications
  • Ways to use automation and supervised machine learning to integrate your security approaches

Table of Contents

  1. Preface
    1. Why This Book
    2. The Audience for this Book
    3. What You Will Learn
  2. 1. What’s Not Working, and Why?
    1. Expense and Complexity of Solutions
    2. Attackers Understand How Security Technologies Work
    3. This Approach Is Not Adequately Protecting Internal Users
    4. This Approach Is Not Adequately Protecting Internet-Facing Web Applications
    5. Noise, Noise, and Even More Noise
    6. Integration Is What’s Missing with This Approach
    7. Conclusion
  3. 2. Learning from Military Defense
    1. Military Usage of Defense in Depth
    2. Cybersecurity Usage of DiD
    3. Conclusion
  4. 3. Cloud-Based Lines of Defense for Web Application Security
    1. Defensive Line 1: Edge Routers
    2. Defensive Line 2: DDoS Defenses
    3. Defensive Line 3: DNS
    4. Defensive Line 4: Reverse Proxies
    5. Defensive Line 5: Bot Management
    6. Defensive Line 6: Web Application Firewalls
    7. Defensive Line 7: API Defenses
    8. Defensive Line 8: Caching
    9. Conclusion
  5. 4. How to Achieve the Integrated Approach
    1. Cloud Edge and Cloud Core
    2. Integrate Like a Modern Military
    3. How Integration Is Achieved Today
      1. Method One
      2. Method Two
      3. An Approach Similar to the Modern Military
      4. The Importance of Synergy
      5. Common Example
      6. Value of Intelligence
    4. Comparing On-Premises SOCs and Outsourced SOCs
    5. Conclusion
  6. 5. The Future of Defense in Depth
    1. What the Future Holds
    2. Using Good Bots to Your Advantage
    3. In Conclusion
3.21.76.0