APPENDIX I

image

Network Segmentation

Enterprises frequently mistake complexity for “defense in depth.” There are firewalls, intrusion detection systems, proxies, and packet capture—all in a single layer on the outside of the network. The enterprise states, “That’s four layers of security protecting us,” when the reality is that security is just one layer with four parts. Once a computer inside of the enterprise is compromised, there is nothing on the inside to provide additional protection or catch the attacker who has gotten in. Figure I-1 shows another example of defense in depth that also turned out to be inadequate when it was tested.

Similarly, ...

Get Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.