Security is a Weak Link Sport

Security, like soccer (or football, for everyone outside the US) is a ‘weak link’ sport. You are only as good as your weakest player. For most malicious actors, cybersecurity is a game and the difference between winning and losing is the big payout: accessing your data. That is their goal. Your job is to play defense against these malicious actors in order to protect your data, your organization and your reputation.

What Does Security Have to do With Sports?

In soccer, the goal is to get the ball from one end of the field to the other, and then to eventually get the ball past the goalie. Think of each player on the defending side as a piece of your security infrastructure/ standing: 

Defending Midfielder

The job of the Defending Midfielder is to keep the ball away from the members behind them. Think of them as your IT team. Their job is to test the standing of the pieces behind them. This is usually done through penetration testing and various other system checks to ensure a strong back field.

Wing-Back

Think of the Wing-Back as the frontline defense of your perimeter security. These would be your boarder routers. Their function is to protect the back lines and control the flow of the ball between the defensive lines behind them, or to clear the ball. These are the last (or first) touchpoints into an untrusted network (the Internet). They act like the first and last filtering layer.

Full-Back

The Full-Back would be your firewalls, IDS, IPS and Virtual Private Networks (VPNs). The firewall’s job is to act like a choke by utilizing a set of rules to either allow or deny traffic to pass though. In this case, the ball will be cleared (forced out), or it will get by and (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Chris Stephen. Read the original post at: https://threatmatrix.cylance.com/en_us/home/security-is-a-weak-link-sport.html