The Driver Behind This
Just as the first step in avoiding a trap is knowing of its existence, the first step in protecting against something is knowing it’s there. Knowing the variety of ways in and out of your organization’s network environment is equally important. Those points of entry and exit NEED TO BE MANAGED AND PROTECTED TOO. While your firewall is normally the first line of defense when employing a Defense in Depth model, it should not be your only line of defense. You should include not only your perimeter firewall, but also applications that allow data exchanges (including APIs), X-as-a-Service providers, wireless access points, mobile devices, and Shadow IT (e.g., Grammarly, OneDrive, Dropbox). When networks are poorly designed and architected, they will degrade other security capabilities. Make sure the perimeter is documented (inventoried, if you will) and that it is centrally managed. Ensure you know what data is flowing where, how it’s being exchanged, what its classification is (e.g., public, private, secret), when it’s being shared, and how it gets from point A to point B.