Defense in Depth

A single protection measure is not sufficient to defend against today’s dynamic and evolving threats. That’s why we have adopted a Defense in Depth strategy which leverages multiple security layers to safeguard your WinCC OA projects. Think of it as a series of concentric circles, each reinforcing the other. This video will give you a concise overview of this approach.

Video Information

Length: 3:12
Language: English

Transcript

Hello, this is Mounir, your host of the WinCC OA securities video series! In this episode, we are going to explore the topic of Defense in Depth as a fundamental security strategy. It’s a holistic approach that utilizes multiple security layers to keep bad things from happening.

To illustrate a single layer of the Defense in Depth concept, consider the use of a Demilitarized Zone (DMZ). If an attacker targets a computer within the DMZ, they will be detected by the Intrusion Detection System (IDS). The IDS will then terminate the connection, securing the system and mitigating the risk.

However, a single protection measure cannot completely protect against today's increasingly evolving threats, and you must consider additional layers to prevent attackers by implementing a Defense in Depth strategy.

WinCC OA projects benefit from multiple layers of protection. They increase the overall security of your system because the additional layers act as a backup for broken layers. In the case of an intruder, you may detect suspicious activities if you configure an intruder detection or Intrusion Detection System (IDS). This layer may report if an attacker tries to brute force a password from a secured system.

Now, to implement layers of protection, you need to understand the risk to your system by considering its exposure. When your system is connected to the internet, it’s important to implement security layers that monitor and control internet traffic, unlike a system that is only accessible locally. Then you must harden your operating system to reduce the possible attack vectors. With an appropriate network configuration, you can control access to your secured servers, and they should be located in a locked room with privileged access.

OK, so these are layers of protection you can implement, but what about employees? First, you must train the security awareness of your employees so that an attacker may not access the system using social engineering methods.

Attackers are always evolving, and we must do the same. A system that was defined as secure yesterday may not be secure tomorrow. Therefore, you must continuously monitor your system and check for vulnerabilities, which is another layer of defense.

Defense in Depth should be viewed as a process that is repeated in regular cycles to ensure the best possible protection.

Thank you for watching and remember to follow us on LinkedIn and YouTube and be on the lookout for our next episode in this series.