This post summarizes some popular practical security architecture designs and concepts from different security vendors.

Check Point Infinity – A Practical Holistic Approach – Consolidated Security Architecture

Check Point Infinity is the first modern, consolidated, cyber security architecture built to prevent sophisticated Fifth Generation attacks across networks, cloud deployments, endpoints, mobile and IoT devices. Check Point’s entire portfolio of security solutions can be managed through a single pane of glass and adheres to all seven Zero Trust principles. Check Point ThreatCloud, the world’s largest cyber threat intelligence database, leverages AI and powers the dozens of threat prevention engines employed by Infinity.

A consolidated security architecture is a multi-layered approach to cyber security that protects all IT attack surfaces – networks, cloud, endpoints, mobile and IoT devices – sharing the same threat prevention technologies, management services, and threat intelligence. A consolidated security architecture is designed to resolve the complexities of growing connectivity and inefficient security. It provides complete threat prevention that seals security gaps, automatic and immediate threat intelligence sharing across all security environments, and a unified security management platform for efficient security operations. Ultimately, a consolidated security architecture improves the overall security of an enterprise.

Check Point offers solutions for all of an organization’s security needs, including:

  • Network Security: Check Point Quantum
  • IoT Security: Check Point Quantum IoT Protect
  • Cloud Security: Check Point CloudGuard
  • Application Security: Check Point CloudGuard AppSec
  • Endpoint Security: Check Point Harmony Endpoint
  • Mobile Security: Check Point Harmony Mobile

ISACA Top-Down Approach

Enterprise Security Architecture—A Top-down Approach

Using the Frameworks to Develop an Enterprise Security Architecture

The fair question is always, “Where should the enterprise start?”

If one looks at these frameworks, the process is quite clear. This must be a top-down approach—start by looking at the business goals, objectives and vision.

The initial steps of a simplified Agile approach to initiate an enterprise security architecture program are:

  • Identify business objectives, goals and strategy
  • Identify business attributes that are required to achieve those goals
  • Identify all the risks associated with those attributes that can prevent the business from achieving its goals
  • Identify the required controls to manage the risk
  • Define a program to design and implement those controls:
    • Define conceptual architecture for business risk:
      • Governance, policy and domain architecture
      • Operational risk management architecture
      • Information architecture
      • Certificate management architecture
      • Access control architecture
      • Incident response architecture
      • Application security architecture
      • Web services architecture
      • Communication security architecture
    • Define physical architecture and map with conceptual architecture:
      • Platform security
      • Hardware security
      • Network security
      • Operating system security
      • File security
      • Database security, practices and procedures
    • Define component architecture and map with physical architecture:
      • Security standards (e.g., US National Institute of Standards and Technology [NIST], ISO)
      • Security products and tools (e.g., antivirus [AV], virtual private network [VPN], firewall, wireless security, vulnerability scanner)
      • Web services security (e.g., HTTP/HTTPS protocol, application program interface [API], web application firewall [WAF])
    • Define operational architecture:
      • Implementation guides
      • Administration
      • Configuration/patch management
      • Monitoring
      • Logging
      • Pen testing
      • Access management
      • Change management
      • Forensics, etc.

It is that simple. Once all risks are identified and assessed, the enterprise can start designing architecture components, such as policies, user awareness, network, applications and servers.

Figure 6 depicts the simplified Agile approach to initiate an enterprise security architecture program.

[Figure 6: simplified Agile approach to initiate an enterprise security architecture program]

Using these frameworks can result in a successful security architecture that is aligned with business needs:

  • COBIT principles and enablers provide best practices and guidance on business alignment, maximum delivery and benefits.
  • The COBIT Process Assessment Model (PAM) provides a complete view of requirement processes and controls for enterprise-grade security architecture.
  • SABSA layers and framework create and define a top-down architecture for every requirement, control and process available in COBIT.
  • The TOGAF framework is useful for defining the architecture goals, benefits and vision, and setting up and implementing projects to reach those goals.
  • The CMMI model is useful for providing a level of visibility for management and the architecture board, and for reporting the maturity of the architecture over time.

Source: https://www.isaca.org/resources/isaca-journal/issues/2017/volume-4/enterprise-security-architecturea-top-down-approach

3-Phase Approach

Security architects tailor their security approach to best fit their organization and sector, keeping in mind the risk calculations. Most plans have 3 common elements:

  • Phase 1 Develop Policies, Standards, and Best Practices
  • Phase 2 Implementation of Phase 1
  • Phase 3 Monitoring of Phases 1 and 2

Learning about these phases helps everyone understand on a deeper level how security architecture works and why it’s so important.

Phase 1 Developing an Organization’s Policies, Standards, and Best Practices

Security architects develop their organizational policies, standards, and best practices based on frameworks. These frameworks give guidelines like ‘sensitive data must be encrypted.’ However, they give no indication of the required encryption strength.

Back to the museum analogy: the framework would suggest that all objects worth between $2 and $3 million need “high security.” It’s then up to the museum to decide how to define its high security.

Common frameworks include ISO 27001 for information security, NIST Cybersecurity Framework addressing threats and supporting business, and OWASP Top Ten for web application security.

After a company has developed and implemented the framework, it can take a step toward official certification. When it passes the audit, its customers are assured of the organization’s level of safety. Over time, changes occur as the security architect adapts systems to stay secure and maintain the certifications.

For some frameworks, cybersecurity staff training is required. It’s an important step because the training helps ensure employees understand their responsibilities and supports maintaining security in the organization. When an organization fails to train, the certification and customer trust are at risk.

A nerdy note: A standard defines thresholds for compliance, and frameworks offer guidelines. But you’ll often find frameworks referred to as company standards.

Phase 2 Using the Building Blocks of Security and Applying Design Concepts

Once security architects define the organization’s policies and standards, the development teams design and implement the software. This stage applies those requirements and principles at the building-block level.

Many organizations apply a principle called “Security by Design.” This involves designing and implementing software components with built-in security controls, ensuring each part of the system is protected against attack. In a way, it’s like building something block by block with Lego. The developers design and construct various building blocks of code to include required security measures relevant to their functionality. When the finished solution is assembled, they have already accounted for many potential security issues.

For example, when considering an app, the cybersecurity architects write the safety rules for authentication and authorization. Such rules may include “Block users who repeatedly enter the wrong password” or “Always check if a user is logged in before giving them access to data.” The developers apply the rules as they make the building blocks. Then they use these existing blocks in other parts of the app, knowing they adhere to the security principles. Finally assembled, the blocks make a secure and robust application.
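One way to realise the two rules quoted above as a reusable building block, as an added example that is not part of the original post or of any vendor's product: the lockout threshold, lockout duration, PBKDF2 parameters and the in-memory stores are assumed values chosen for illustration, and the clock is injectable so the lockout expiry can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time
from functools import wraps

MAX_FAILURES = 5        # assumed policy value: failed attempts before lockout
LOCKOUT_SECONDS = 900   # assumed policy value: lockout duration in seconds

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthService:
    """Reusable auth building block; the clock is injectable for testing."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._users = {}        # username -> (salt, pbkdf2 hash)
        self._failures = {}     # username -> (failure count, locked_until)
        self._sessions = set()  # usernames with an active login

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, hash_password(password, salt))

    def is_locked(self, username: str) -> bool:
        return self._failures.get(username, (0, 0.0))[1] > self._clock()

    def login(self, username: str, password: str) -> bool:
        """Rule 1: block users who repeatedly enter the wrong password."""
        if self.is_locked(username):
            return False  # a locked account fails even with the right password
        salt, expected = self._users.get(username, (b"", b""))
        digest = hash_password(password, salt)  # hash for unknown users too
        if username in self._users and hmac.compare_digest(digest, expected):
            self._failures.pop(username, None)  # success clears the counter
            self._sessions.add(username)
            return True
        count = self._failures.get(username, (0, 0.0))[0] + 1
        until = self._clock() + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self._failures[username] = (count, until)
        return False

    def login_required(self, func):
        """Rule 2: check the caller is logged in before releasing any data."""
        @wraps(func)
        def wrapper(username, *args, **kwargs):
            if username not in self._sessions:
                raise PermissionError(f"{username} is not logged in")
            return func(username, *args, **kwargs)
        return wrapper
```

Any handler decorated with `login_required` inherits the check, which is the point of the building-block approach: the rule is written once and reused wherever data is released.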

Phase 3 Monitoring for Changes, Updates, and Implementation

Security architects monitor their systems. They watch to ensure that standards are met, update these standards for new technologies, and keep track of exceptions.

Looking back at our museum building metaphor:

  • Phase 1: The architects decide what safety features the building needs.
  • Phase 2: The builders bring in raw materials and construct the walls.
  • Phase 3: The building inspectors come back to check that the building is safe.

In other words, the security architects monitor phases 1 and 2 to ensure they meet their standards.

In addition, the security architects keep an eye on the list of existing issues that need to be fixed, also called technical debt. Old technologies expose a much larger attack surface and are more vulnerable to attack. Once or twice a year, a company-wide risk assessment for cyber defense should take place. This helps security architects weigh costs against risks and then adapt accordingly.

From: https://www.ardoq.com/blog/cybersecurity-architecture

MCRA (Microsoft Cybersecurity Reference Architectures)

The Microsoft Cybersecurity Reference Architectures (MCRA) describe Microsoft’s cybersecurity capabilities. The diagrams describe how Microsoft security capabilities integrate with Microsoft platforms like Microsoft 365 and Microsoft Azure, 3rd party apps like ServiceNow and Salesforce, and 3rd party platforms like Amazon Web Services (AWS) and Google Cloud Platform (GCP).

The reference architectures are primarily composed of detailed technical diagrams on Microsoft cybersecurity capabilities, zero trust user access, security operations, operational technology (OT), multi-cloud and cross-platform capabilities, attack chain coverage, Azure native security controls, and security organizational functions.

Microsoft Cybersecurity Reference Architecture - Page 1

The MCRA also includes an overview of Zero Trust and a Zero Trust rapid modernization plan (RaMP). Additionally, this includes other key information on security operations and key initiatives like protecting from human operated ransomware, securing privileged access, moving beyond VPN, and more.

Microsoft Cybersecurity Reference Architecture - Page 2

By netsec