
Multi-layered security plan

If you have read anything about cybersecurity, you already understand the importance of a multi-layered security plan.  We often talk about it on this blog too, and for good reason: no single control stops every attack, so layering controls is the closest realistic thing to a cyber attack cure-all.

Bad news: much of the excellent hardware you would ideally deploy as part of a multi-layered security plan can break your budget.

Good news: human intelligence plays a huge role in keeping your network safe. In other words, some important aspects of implementing a multi-layered security plan just require time and effort, not extra money.

I want to stress that you get what you pay for.  Aim for the best you can afford; use this guide until you can upgrade.

Think of the multi-layered security plan as being split into three categories: Prevention, Investigation, and Restoration.  You can also think of them as before, during, and after a breach.

Prevention

You will never be able to block 100% of cyber attacks.  But you can still decrease risk and work to reduce loss.

Some preventative measures are obvious:

  • Antivirus & Firewall/IPS: you almost certainly have these already; keep signatures and rules current.
  • Frequent backups: The more effort you put into this, the more it will help you later on.  Keep at least one copy offline or otherwise isolated from the network so that an attacker who reaches your systems cannot destroy the backups too, and test that you can actually restore from them.
  • Email filtering: You can scan for and delete worms, filter spam, and monitor outbound mail for viruses. If you shop around, you can find filters for around $100/year.
  • File-based encryption: Encrypt sensitive files at rest so that copied data is useless without the keys.  Don’t let data exfiltration be easy.

You should also manage permissions so that each person at your company can do only what their job requires (least privilege).  This limits the damage an insider, or an attacker holding a stolen account, can do.  Also consider using two-factor authentication. For this, Authy offers reasonable pricing, and Google Authenticator is free.

Document your security plan. It should contain an escalation plan and designate your Incident Response Team.  Make sure everyone is familiar with your security plan.

Above all, educate your employees. They should know how to report a potential problem, install security patches immediately, and navigate email safely.  The fewer links clicked, the better!

Investigation

To know when a cyber attack hits, you need to know everything that’s going on within your network. Without knowing the who, what, when, and how, you can’t decide on a good course of action during a breach.

There are several types of forensic tools that help here, such as:

  • Syslog
  • SIEM
  • IDS
  • Full packet capture (you won’t be able to use this extensively without a big budget)
  • NetFlow (including derivatives such as IPFIX)

Consider using more than one of the above—as always, there is no one perfect solution.
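As an added example (not code from the original post, and not any vendor's collector), the following decodes NetFlow v5 export records and joins them with syslog authentication events to answer the who, what and where of a suspected exfiltration: NetFlow shows which internal host sent how much to which outside address, and syslog shows which user was active on that host. The flow records and log lines are constructed sample data; the 10.0.0.0/8 "internal" range, the 100 MiB threshold and the `sshd` log format are assumptions you would adjust for your own network.

```python
"""Decode constructed NetFlow v5 records and correlate them with syslog auth
events to flag a likely exfiltration.  Added example with constructed data."""
import ipaddress
import re
import struct
from collections import defaultdict

# NetFlow v5 wire format: 24-byte header, then 48-byte records, big-endian.
V5_HEADER = struct.Struct("!HHIIIIBBH")              # version, count, uptime, secs, nsecs, seq, engine type/id, sampling
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")   # src, dst, nexthop, in/out if, pkts, octets, first, last, sport, dport, pad, flags, proto, tos, ASNs, masks, pad

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumption: your internal range
EXFIL_THRESHOLD_BYTES = 100 * 1024 * 1024               # assumption: 100 MiB outbound to one host

def parse_netflow_v5(packet: bytes):
    """Return a list of flow dicts decoded from one NetFlow v5 export packet."""
    version, count, *_ = V5_HEADER.unpack_from(packet, 0)
    if version != 5:
        raise ValueError(f"not a NetFlow v5 packet (version={version})")
    flows = []
    for i in range(count):
        fields = V5_RECORD.unpack_from(packet, V5_HEADER.size + i * V5_RECORD.size)
        (src, dst, _nexthop, _inp, _out, pkts, octets, _first, _last,
         sport, dport, _pad, flags, proto, _tos, *_rest) = fields
        flows.append({"src": str(ipaddress.ip_address(src)),
                      "dst": str(ipaddress.ip_address(dst)),
                      "sport": sport, "dport": dport, "proto": proto,
                      "pkts": pkts, "octets": octets, "tcp_flags": flags})
    return flows

def build_v5_packet(records):
    """Encode (src, dst, sport, dport, proto, pkts, octets) tuples as a v5 packet.
    Only used here to construct sample input; a real collector gets this over UDP."""
    header = V5_HEADER.pack(5, len(records), 0, 1700000000, 0, 0, 0, 0, 0)
    body = b""
    for src, dst, sport, dport, proto, pkts, octets in records:
        body += V5_RECORD.pack(int(ipaddress.ip_address(src)), int(ipaddress.ip_address(dst)),
                               0, 1, 2, pkts, octets, 0, 0, sport, dport,
                               0, 0x18, proto, 0, 0, 0, 24, 24, 0)
    return header + body

# OpenSSH "Accepted" line; adjust for whatever your syslog actually carries.
SSH_LOGIN = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+) port \d+")

def logins_by_host(syslog_lines):
    """Map client IP -> set of users that logged in from it (syslog gives the 'who')."""
    who = defaultdict(set)
    for line in syslog_lines:
        m = SSH_LOGIN.search(line)
        if m:
            who[m.group("ip")].add(m.group("user"))
    return who

def is_internal(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def find_exfiltration(flows, who, threshold=EXFIL_THRESHOLD_BYTES):
    """Sum outbound octets per (internal src, external dst); report pairs over the
    threshold, tagged with the users syslog saw on the source host."""
    outbound = defaultdict(int)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            outbound[(f["src"], f["dst"])] += f["octets"]
    return [{"src": src, "dst": dst, "bytes": total, "users": sorted(who.get(src, ()))}
            for (src, dst), total in sorted(outbound.items()) if total >= threshold]

# Constructed sample data: one ordinary HTTPS session, one host pushing ~300 MiB
# to an outside address over two long-lived TLS connections, and internal SMB noise.
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10",   51234, 443, 6, 120,     64_000),
    ("10.0.0.5", "203.0.113.7",  51240, 443, 6, 210_000, 150 * 1024 * 1024),
    ("10.0.0.5", "203.0.113.7",  51241, 443, 6, 200_000, 150 * 1024 * 1024),
    ("10.0.0.9", "10.0.0.20",    40000, 445, 6, 500,     2_000_000),  # internal, ignored
]
SAMPLE_SYSLOG = [
    "Mar  3 09:12:01 fs01 sshd[2210]: Accepted password for alice from 10.0.0.5 port 50112 ssh2",
    "Mar  3 09:15:44 fs01 sshd[2298]: Failed password for root from 198.51.100.2 port 40022 ssh2",
]

def demo():
    flows = parse_netflow_v5(build_v5_packet(SAMPLE_FLOWS))
    return find_exfiltration(flows, logins_by_host(SAMPLE_SYSLOG))

if __name__ == "__main__":
    for a in demo():
        print(f"{a['src']} -> {a['dst']}: {a['bytes']} bytes outbound; users seen on host: {a['users']}")
```

Neither source alone tells the full story: NetFlow cannot name the user, and syslog cannot see the transfer. Running the two together is the practical meaning of "more than one of the above".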

You’ll eventually want to invest in heftier investigative tools, but in the meantime you can check out our blog on free network monitoring tools.

In case it’s an insider attack, you may not want to inform non-involved employees right away.  And although it seems like the most logical thing, don’t be so quick to unplug the infected machine(s).  Pulling the plug destroys volatile evidence (memory contents, open network connections) and can tip off the attacker.  Unless files are actively being destroyed, you can use infected machines to track the attack; if you must stop it talking to the outside, isolate it at the network layer rather than powering it off.

Restoration

Restoration layers are tricky because they depend on your other investments.  Were you able to contain the breach during the Investigation phase of your multi-layered security plan?  Do you have enough backups to mitigate data loss?  If the cyber attack is severe, you may need to call in your CERT (computer emergency response team).

If you’re suffering data exfiltration, you will need to consult your legal and PR teams.  This is especially true if customer data was stolen.  Your industry’s compliance rules or breach-notification laws may require you to announce the breach publicly within a specific period of time.  Consider offering some kind of help to affected customers.

Unfortunately, the cost of a cyber attack is rarely under your control.  Rather than budgeting for the attack itself, research ways to buff up your Prevention and Investigation layers, and plan to invest in better defenses.

Further Improving Your Multi-Layered Security Plan

Now that you have a basic multi-layered security plan built, start thinking about how you can strengthen it even more.  Again, consider investing in heftier hardware once you can afford it.  To see how you can use advanced NetFlow to protect your network, check out our collection of whitepapers.