Defending the Castle of Gondor

The brutal battle of the Pelennor Fields in The Lord of the Rings epic is instructive for cyber defense. Gandalf, the White Wizard, was charged with defending Minas Tirith and the majestic Castle of Gondor. The castle was constructed with a series of concentric walls for protection. During the attack by Dark Lord Sauron’s minions, Gandalf tried to hold his ground. Eventually, the first wall was breached, so Gandalf ordered his army back behind the next wall. The situation was bleak, but moving behind the next interior wall bought them time as they waited for Aragorn to come with reinforcements.

Cybersecurity for your organization is a lot like defending the Castle of Gondor. You need to slow down the attackers before they get to your critical assets. Protection in layers in the cyber world, much like that concentric castle, is called “defense in depth.” An article from Forcepoint (https://www.forcepoint.com/cyber-edu/defense-depth) defines it well: “Defense in Depth (DiD) is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information.” With cyber DiD, as with the Castle of Gondor, if one set of defenses fails, there is another mechanism in place to impede the attack. Cyber DiD is sometimes called the castle defense because of the parallels between cyber warfare and physical warfare.

The goal of DiD is to slow down the attacker and get them to make “noise,” so they can be detected, and the user can get reinforcements.  Unlike Gondor, where the siege was quite obvious, cyber-attacks can go undetected for weeks and even months.  This is where your cyber-layered defenses can help to slow the attacks down and make some noise.

We discussed controls last week.  A control is an action, a device, a procedure, or a technique that removes or reduces a vulnerability. Controls, when used in depth, can make severe vulnerabilities hard for attackers to take advantage of, or exploit.

In the cyber world, there is no single control that can successfully protect against every type of attack. For your network, the expensive firewall is not going to stop everything, nor will the next-generation anti-virus. You need to have a layered cyber strategy that includes preventive, detective, and deceptive controls to protect your network.

A layered defense would start with the basics of firewalls and anti-virus/anti-malware, but it might also include an intrusion prevention system, endpoint detection, centralized monitoring, encryption, web application firewalls, and access control lists, to name a few. Besides these technical controls, you can also add procedural and policy controls – a set of rules to follow, and the proper way of doing things. In addition, you can work on human security by adding cybersecurity training to your layered defense. Human security is critical, as all the leading-edge technology is helpless if the end user hands the hacker the keys to the kingdom.

Aragorn brought the Army of the Dead to save Minas Tirith from Sauron’s army. When it came to their defense-in-depth strategy, the sum of the protective layers was much greater than what was offered by each individual component. Just like the Castle of Gondor, your cyber defense needs overlapping and redundant defenses.  If the attackers make enough noise, you may have time to get reinforcements in place.