Chapter 3 – Cyber Security Architecture and Components
About 30 years ago, security teams had an enviable task: the number of devices they had to protect was small, and the job was comparatively simple. Today, the use of digital technologies in the work environment is increasing sharply because enterprises need to become more adaptable and agile. This creates a surging number of avenues that cyber-attackers can use to gain access to information and data. Traditional security isn’t enough as threats become more complex. Since the global cyber battlefield has evolved dramatically, it is worth getting a high-level idea of cybersecurity architecture.
Security now affects everyone and is no longer solely the concern of the IT department. Security increases interaction between departments to identify what needs to be protected, thus reducing the impact of any unexpected future attack. Cybersecurity stretches its reach out to the edge, where data is a moving cyber target: data generated by IoT devices, data held on mobile devices, or data that is generated, stored and accessed in the cloud.
Cybersecurity architecture (also known as network security architecture, or cyber architecture for short) specifies the organizational structure, functional behaviour, standards, and policies of a computer network that includes both network and security features.
The primary goals of a bona fide cybersecurity architecture are to ensure that all cyber-attack surfaces are minimized, hidden, and dynamic; that all sensitive, confidential or classified data is strongly encrypted at rest; and that all cyber-attacks are aggressively detected, mitigated, and countered. Moving-target defenses with aggressive counter-measures are strongly encouraged.
While this course does not aim to provide technical details of the architecture, by the end of this module you will learn about:
- Secure architecture (data, application, endpoint, network and perimeter security).
- The product/solution perspective (Identity and Access Management, Network Security, Endpoint Security, Messaging Security, Web Security, and Security and Vulnerability Management).
- Security technology (Firewalls, VPN, Wireless, Intrusion Detection and Prevention, and other security tools such as cryptography).
The Secure (Cybersecurity) Architecture
Cybersecurity establishments need an adaptive security architecture. It is a valuable framework that helps enterprises classify all potential and existing security investments, determine where they are deficient, and make sure there is a balanced approach to cybersecurity. Just as a competent military commander needs to fully understand different kinds of terrain and the weak points of her forces to effectively defend her troops and territory, a savvy cybersecurity architect needs to thoroughly understand different network topologies and cyber-attack surface vulnerabilities to effectively defend her crown-jewel sensitive data and critical applications.
[Figure: layers of the secure architecture. Source: author-designed image]
It is logical to understand security architecture beginning from the outermost layer.
Perimeter Security: The set of physical and technical security measures and programmatic policies that provide levels of protection against remote malicious activity; used to protect the back-end systems from unauthorized access. When properly configured, the perimeter defense security model can prevent, delay, absorb and/or detect attacks, thus reducing the risk to critical back-end systems.
Network Security: The layer that partitions the broader network of assets and connections into enclaves; an enclave is a distinctly bounded area enclosed within a larger unit. Enclaves incorporate their own access controls and protection mechanisms. When properly used, the network security layer can prevent damage from travelling from one enclave to another and also sets access policies specific to each enclave.
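The enclave idea above can be made concrete as an allow-list of permitted flows between enclaves, with everything else denied by default. The following Python is an added illustration written for this chapter, not code from the original text; the enclave names, subnets, ports and rules are constructed for the example and do not describe any real network.

```python
"""Enclave access policy evaluator (added illustration; constructed data).

Models the network security layer: the network is partitioned into enclaves,
each flow between enclaves must be explicitly allowed, and anything not listed
is denied. A flow that never leaves its enclave is left to host-level controls.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed enclaves: name -> subnet (203.0.113.0/24 is a documentation range).
ENCLAVES = {
    "perimeter": ip_network("203.0.113.0/24"),  # public-facing systems
    "app":       ip_network("10.10.0.0/16"),    # application servers
    "data":      ip_network("10.20.0.0/16"),    # databases
    "corp":      ip_network("10.30.0.0/16"),    # staff workstations
}


@dataclass(frozen=True)
class Rule:
    src: str    # source enclave
    dst: str    # destination enclave
    port: int   # destination TCP port


# Constructed allow-list: only these inter-enclave flows are permitted.
# Note there is deliberately no rule from "perimeter" straight to "data".
ALLOW = {
    Rule("perimeter", "app", 443),
    Rule("app", "data", 5432),
    Rule("corp", "app", 443),
}


def enclave_of(ip: str) -> Optional[str]:
    """Return the enclave containing ip, or None if it is outside all enclaves."""
    addr = ip_address(ip)
    for name, net in ENCLAVES.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip: str, dst_ip: str, port: int) -> bool:
    """Default-deny decision for a single flow between two addresses."""
    src, dst = enclave_of(src_ip), enclave_of(dst_ip)
    if src is None or dst is None:
        return False          # unknown address on either side: deny
    if src == dst:
        return True           # intra-enclave traffic: host controls apply
    return Rule(src, dst, port) in ALLOW


def audit(flows):
    """Return (src, dst, port, decision) for each (src, dst, port) tuple."""
    return [(s, d, p, "ALLOW" if is_allowed(s, d, p) else "DENY")
            for s, d, p in flows]


if __name__ == "__main__":
    # Constructed sample flows, including a perimeter-to-data attempt.
    for row in audit([
        ("203.0.113.10", "10.10.0.5", 443),
        ("203.0.113.10", "10.20.0.5", 5432),
        ("10.10.0.5", "10.20.0.5", 5432),
        ("10.30.0.7", "10.20.0.5", 5432),
        ("192.0.2.1", "10.10.0.5", 443),
    ]):
        print(row)
```

The point the example makes is the one in the paragraph: a compromise in the perimeter enclave cannot reach the data enclave directly, because no rule exists for that flow, and a workstation in the corp enclave can reach applications but not databases.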
Endpoint Security: Security protection mechanisms and controls that reside directly on an endpoint device (end devices such as computers, laptops, mobile devices, tablets, etc.) interfacing with any network or system.
Application Security: Security protection mechanisms and controls that are embedded within the applications residing on the network, enclaves, and endpoint devices. Examples of such applications are MS Office, ERP applications, mobile apps, etc.
Data Security: The layer of security that protects data in the Enterprise regardless of the data’s state, that is, whether it is in motion, at rest or in use.
Prevention: This is achieved by policies, procedures, training, threat modelling, risk assessment, penetration testing and all other inclusive sustainment activities that establish a secure posture.
Operations: Constant observation of the Enterprise with a keen eye, coupled with the right tools and processes, to recognize incidents & events, and respond accordingly in a timely manner.
Product/solution perspective
Cyber security is a concern for all, and hence it is logical to believe that there must be some solution, or effort to create a solution, that partially or completely solves this problem. The solution is likely to come from solution providers, which are mostly commercial enterprises. There isn’t a “one-size-fits-all” solution to cybersecurity. However, in general, solutions should include both sophisticated technology and more “human” components such as employee/user training and prioritization in the company boardroom. The categories of such solutions are outlined in this section.
Identity and Access Management: Identity and access management (IAM) is about defining and managing the roles and access privileges of individual network users and the circumstances in which users are granted (or denied) those privileges. Those users might be customers (customer identity management) or employees (employee identity management). IAM systems provide administrators with the tools and technologies to change a user’s role, track user activities, create reports on those activities, and enforce policies on an ongoing basis.
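A minimal role-based model shows how the pieces named above fit together: roles carry privileges, users are assigned roles, every decision is denied unless a role grants it, and each decision is logged so activity can be tracked and reported. This Python is an added illustration for the chapter, not code from the original text or from any IAM product; the users, roles, resources and actions are constructed.

```python
"""Role-based access control with an audit trail (added illustration).

Demonstrates the IAM functions described in the text: assigning and changing a
user's role, enforcing privileges (default deny), tracking decisions, and
reporting on them. All users, roles and resources are constructed examples.
"""
from collections import Counter
from datetime import datetime, timezone

# Constructed roles: role -> set of (resource, action) privileges it grants.
ROLE_PRIVILEGES = {
    "analyst":  {("reports", "read")},
    "engineer": {("reports", "read"), ("servers", "read"), ("servers", "restart")},
    "admin":    {("users", "read"), ("users", "write")},
}


class IAM:
    def __init__(self):
        self.user_roles = {}   # user -> set of role names
        self.audit_log = []    # one record per access decision

    def assign_role(self, user, role):
        """Grant a role; unknown roles are rejected rather than silently created."""
        if role not in ROLE_PRIVILEGES:
            raise ValueError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user, role):
        """Remove a role; privileges disappear immediately for later checks."""
        self.user_roles.get(user, set()).discard(role)

    def check(self, user, resource, action):
        """Return True only if some role held by the user grants the privilege."""
        roles = self.user_roles.get(user, set())
        granted = any((resource, action) in ROLE_PRIVILEGES[r] for r in roles)
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "resource": resource, "action": action,
            "decision": "grant" if granted else "deny",
        })
        return granted

    def report(self):
        """Count grant/deny decisions per known user, e.g. for an access review."""
        return {
            u: dict(Counter(e["decision"] for e in self.audit_log if e["user"] == u))
            for u in self.user_roles
        }


def demo():
    """Run a constructed scenario and return (decisions, per-user report)."""
    iam = IAM()
    iam.assign_role("alice", "analyst")
    iam.assign_role("bob", "engineer")
    results = {
        "alice_reads_reports":   iam.check("alice", "reports", "read"),
        "alice_restarts_server": iam.check("alice", "servers", "restart"),
        "bob_restarts_server":   iam.check("bob", "servers", "restart"),
        "unknown_user":          iam.check("mallory", "users", "write"),
    }
    iam.revoke_role("bob", "engineer")   # role change is enforced on the next check
    results["bob_after_revoke"] = iam.check("bob", "servers", "restart")
    return results, iam.report()


if __name__ == "__main__":
    decisions, summary = demo()
    print(decisions)
    print(summary)
```

Two design points worth noting: an unknown user or unknown role produces a deny (or an error) rather than a silent grant, and denied attempts are logged alongside granted ones, since the denied attempts are usually the ones an access review wants to see.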
Network Security: This is the practice of preventing and protecting against unauthorized intrusion into the networks. Network security is implemented by the tasks and tools one uses to prevent unauthorized people or programs from accessing your networks and the devices connected to them. Your computer can’t be hacked if hackers can’t get to it over the network. At a high level, this consists of protection, detection, and reaction to the threats.
Endpoint Security: Endpoint security refers to a methodology of protecting the network when it is accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices. It is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow their mobile workforce to use these devices on the network.
Messaging Security: Messaging security is focused on securing and protecting an organization’s communication channels (email software, messaging apps and social network IM platforms). This extra layer of security can help secure devices and block a wider range of viruses or malware attacks. Messaging security helps to ensure the confidentiality and authenticity of an organization’s communication methods.
Web Security
Websites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cybercrime happens every day, and strong web security measures are needed to protect websites and web applications from becoming compromised. That is exactly what web security does: it is a system of protection measures and protocols that can protect your website or web application from being hacked or accessed by unauthorized personnel. This integral division of information security is vital to the protection of websites, web applications, and web services. Anything that is deployed over the Internet should have some form of web security to protect it.
Security and Vulnerability Management
Vulnerability management is a proactive approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network. It is the “cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating” software vulnerabilities.
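The cycle quoted above can be walked through on a handful of scanner findings: identify (ingest the findings), classify (assign a severity band from a CVSS-style base score), prioritize (raise the ranking of findings that are Internet-facing or have a public exploit), and decide whether each is remediated by patching or mitigated when no patch exists. The Python below is an added illustration for this chapter, not code from the original text or from any scanner; the hostnames, scores and the weighting used for prioritization are constructed for the example (the severity bands follow the CVSS v3 qualitative scale, the weighting does not come from any standard).

```python
"""Vulnerability triage through the identify/classify/prioritize cycle
(added illustration; all findings and weights are constructed)."""
from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    component: str
    base_score: float       # 0.0 to 10.0, CVSS-style base score (constructed)
    internet_facing: bool   # reachable from the Internet?
    exploit_public: bool    # is a working exploit publicly known?
    patch_available: bool   # can it be remediated by patching?


def classify(score: float) -> str:
    """Severity band using the CVSS v3 qualitative scale."""
    if score == 0.0:
        return "none"
    if score < 4.0:
        return "low"
    if score < 7.0:
        return "medium"
    if score < 9.0:
        return "high"
    return "critical"


def priority(f: Finding) -> float:
    """Constructed weighting: exposure and a public exploit raise the base score."""
    p = f.base_score
    if f.internet_facing:
        p += 2.0
    if f.exploit_public:
        p += 1.5
    return p


def triage(findings):
    """Rank findings highest-priority first and name the next step for each."""
    ranked = sorted(findings, key=priority, reverse=True)
    return [{
        "host": f.host,
        "component": f.component,
        "severity": classify(f.base_score),
        "priority": round(priority(f), 1),
        "action": "patch" if f.patch_available else "mitigate",
    } for f in ranked]


# Constructed sample findings, as a scanner might report them.
SAMPLE = [
    Finding("web-01", "openssl", 7.5, True, True, True),
    Finding("db-01", "postgres", 9.1, False, False, True),
    Finding("hr-pc-07", "office", 5.3, False, False, False),
    Finding("vpn-gw", "ssl-vpn", 8.8, True, True, False),
]


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

The ordering the example produces is the practical lesson: the "high" VPN gateway finding outranks the "critical" internal database finding once exposure and exploit availability are taken into account, and because no patch exists it is flagged for mitigation (for example a compensating control) rather than for patching.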
Security Technologies
While it is beyond the scope of this document to go into the technical details of the key security technologies, a high-level view of key cybersecurity technologies is presented below for reference.