Critical business applications such as Salesforce, SAP, and Workday house the largest concentration of sensitive data within an enterprise. As a result, threat actors are using more sophisticated attacks than ever to access these applications, including phishing, account takeover and credential stuffing. With more organizations reporting breaches that began inside a business application, it is no surprise that attackers continue to target them.
Protecting sensitive information requires comprehensive security measures applied to each layer of the communication stack, including the application layer. However, organizations still struggle to safeguard their critical data across their applications.
Traditional security approaches, which focus on bolstering the network and infrastructure, are not sufficient to defend against attacks that misuse or abuse authorized access to applications holding sensitive data. Security teams have little to no insight into risky user activity inside those applications, which weakens the overall security posture. In many enterprises, application-layer visibility continues to be a blind spot in the cybersecurity strategy.
Layers of Vulnerability
Developed in the late 1970s by the Open Systems Interconnection group at the International Organization for Standardization (ISO), the OSI (Open Systems Interconnection) model of computer communications describes a hierarchical architecture made up of seven layers. Although it was not designed with security in mind, each layer represents a different attack surface, and each demands specific security measures to mitigate its threats and vulnerabilities.
By utilizing the OSI model as a guide and securing layers from the top-down, enterprises will be better prepared to protect their most critical data in the event of a breach.
Below is an overview of each of these layers. As enterprises shift to a remote-first environment with cloud applications at the core, additional emphasis must be placed on protecting the most exposed layer, the application layer (Layer 7).
The OSI Model’s seven layers are:
- Layer 1: The Physical Layer covers the characteristics of the transmission media, including the kinds of cables used to connect devices, the conversion of bits to signals and the electrical or optical properties of those signals.
- Layer 2: The Data Link Layer frames data for transmission over a physical link between network entities and performs basic error detection (for example, a frame check sequence) so that corrupted frames can be discarded. At the Data Link Layer, each network node is identified by its Media Access Control (MAC) address.
- Layer 3: The Network Layer manages routing of packets through the network infrastructure. It operates at the level where devices are identified by IP addresses, logical addresses that are resolved to the devices' MAC addresses on the local link.
- Layer 4: The Transport Layer provides end-to-end communication control. This is where TCP and UDP operate. TCP segments the data stream, delivers it reliably and in order, and reassembles it at the destination; UDP is connectionless and offers no such delivery guarantees.
- Layer 5: The Session Layer manages the dialogue between two endpoints; some protocol stacks also place authentication and authorization functions here. This layer handles establishing, maintaining and terminating sessions so that data can be exchanged for the application.
- Layer 6: The Presentation Layer converts data sent through the network into a form the application layer can use. This layer addresses data formatting as well as compression and encryption.
- Layer 7: The Application Layer is the layer that interacts with the end user. It works with the application software to provide communications functions and the resources that support data transfer for application services such as HTTP/HTTPS, FTP/SFTP, SMTP and DNS. This is the layer where users access and perform business transactions in applications like SAP ECC, Oracle EBS, Salesforce, Ariba, Concur and NetSuite.
Securing the Layers from the Top Down
In SaaS deployments, the lower layers of the OSI model are managed by the vendor in the public cloud, while the customer remains responsible for how its users and data are handled at the application layer. That makes the topmost layer the first priority when practicing good security hygiene: sensitive information like employee data, financial records and intellectual property can all be accessed here through a valid account.
Remote work and digital transformation have accelerated the use of business applications and expanded the attack surface they expose. To secure this layer, here are a few practices that security teams should integrate into their strategy:
- Identify and classify the data housed in each application to decide which fields need protection at the application layer, for example through data masking and encryption.
- Obtain real-time application user activity data to extend visibility beyond infrastructure and devices and give comprehensive application-level insight into potential insider threats.
- Transform and normalize user activity into a common schema so that user behavior can be monitored uniformly across applications and threats can be understood in the context of multiple business applications.
- Monitor privileged accounts, which represent an increased vector for risk and require increased scrutiny and oversight.
- Automate responses to specific user activities, including automatic deprovisioning, step-up MFA enforcement and account locking, to de-escalate incidents and quickly mitigate the risk of data leakage and breaches.
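The last four practices above (collect activity, normalize it across applications, watch privileged accounts, respond automatically) fit together as one pipeline. The following is an added example, not code from the article or from any vendor product, that normalizes activity records from two hypothetical business applications (a CRM and an ERP) into one schema, flags bulk data access, off-hours activity and privileged administration, correlates bulk access by the same identity across both applications, and picks an automated response. The record formats, field names, identity mapping, thresholds and sample events are all constructed for illustration and are not real vendor log formats.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample records in two invented vendor formats (assumptions, not real exports).
CRM_RECORDS = [
    {"Username": "j.doe@example.com", "EventType": "ReportExport", "RowsProcessed": 120000,
     "Timestamp": "2024-03-12T02:14:00Z", "SourceIp": "203.0.113.7"},
    {"Username": "a.smith@example.com", "EventType": "Login", "RowsProcessed": 0,
     "Timestamp": "2024-03-12T09:02:00Z", "SourceIp": "198.51.100.4"},
]
ERP_RECORDS = [
    {"user": "JDOE", "tcode": "SE16", "table": "PA0008", "rows": 45000,
     "ts": "2024-03-12 02:20:11", "terminal": "203.0.113.7"},
    {"user": "ADMIN1", "tcode": "SU01", "table": "USR02", "rows": 1,
     "ts": "2024-03-12 10:15:00", "terminal": "198.51.100.9"},
]

# Hypothetical identity join: ERP user IDs mapped to the corporate identity used in the CRM.
IDENTITY_MAP = {"JDOE": "j.doe@example.com", "ADMIN1": "admin1@example.com"}
PRIVILEGED = {"admin1@example.com"}     # hypothetical privileged identities
BULK_ROWS = 10_000                      # rows per action that count as bulk access (assumed)
OFF_HOURS = range(0, 6)                 # 00:00-05:59 UTC treated as off-hours (assumed)
WINDOW = timedelta(minutes=30)          # cross-application correlation window (assumed)


@dataclass
class Event:
    """Normalized activity record shared by all applications."""
    app: str
    identity: str
    action: str
    rows: int
    time: datetime
    source_ip: str


def normalize_crm(rec):
    """Map a CRM-style record onto the common schema."""
    action = {"ReportExport": "bulk_export", "Login": "login"}.get(
        rec["EventType"], rec["EventType"].lower())
    when = datetime.strptime(rec["Timestamp"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event("crm", rec["Username"].lower(), action, rec["RowsProcessed"], when, rec["SourceIp"])


def normalize_erp(rec):
    """Map an ERP-style record onto the common schema, joining the user ID to a corporate identity."""
    # Generic table reads are data access; any other transaction code is treated as administration.
    action = "table_read" if rec["tcode"] == "SE16" else "admin:" + rec["tcode"]
    when = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    identity = IDENTITY_MAP.get(rec["user"], rec["user"].lower())
    return Event("erp", identity, action, rec["rows"], when, rec["terminal"])


def flags(ev):
    """Per-event risk indicators derived from the normalized fields."""
    out = set()
    if ev.rows >= BULK_ROWS and ev.action in {"bulk_export", "table_read"}:
        out.add("bulk_data_access")
    if ev.time.hour in OFF_HOURS:
        out.add("off_hours")
    if ev.identity in PRIVILEGED:
        out.add("privileged_account")
    if ev.action.startswith("admin:"):
        out.add("admin_transaction")
    return out


def decide(f):
    """Automated response policy for one event's flag set (assumed policy)."""
    if "bulk_data_access" in f and ({"off_hours", "cross_app_bulk_access"} & f):
        return "lock_account"
    if "bulk_data_access" in f or {"privileged_account", "admin_transaction"} <= f:
        return "enforce_mfa"
    return "allow"


def analyze(crm_records, erp_records):
    """Normalize, flag, correlate bulk access across apps per identity, and decide a response."""
    events = [normalize_crm(r) for r in crm_records] + [normalize_erp(r) for r in erp_records]
    flagged = [(e, flags(e)) for e in events]
    bulk = [e for e, f in flagged if "bulk_data_access" in f]
    for e, f in flagged:
        if "bulk_data_access" not in f:
            continue
        # Same identity pulling bulk data from a different application within WINDOW.
        for other in bulk:
            if other.identity == e.identity and other.app != e.app and abs(other.time - e.time) <= WINDOW:
                f.add("cross_app_bulk_access")
    return [{"app": e.app, "identity": e.identity, "action": e.action,
             "flags": sorted(f), "response": decide(f)} for e, f in flagged]


if __name__ == "__main__":
    for row in analyze(CRM_RECORDS, ERP_RECORDS):
        print(row)
```

The important step is the identity join in normalize_erp: without mapping the ERP user ID JDOE to the same identity as the CRM login, the two bulk pulls six minutes apart look like unrelated events in two separate consoles. With the join, both are escalated to a lock rather than an MFA prompt, while the privileged user running an administrative transaction during business hours gets a step-up challenge only.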
In terms of cybersecurity, each layer represents a unique attack surface and demands different controls to minimize cyber threats. By systematically mitigating vulnerabilities at each layer, enterprises can establish application and data integrity. For example, a DDoS attack can target more than one layer (volumetric floods at the network and transport layers, request floods at the application layer), but with comprehensive monitoring and controls such as a Zero Trust access model, a security team can contain the incident at the layer where it starts before it spreads to others.
So what is the future of security strategy relative to the OSI model? Like anything else, the OSI model will likely evolve over time. Practitioners already speak informally of an eighth layer: the humans who access the applications and infrastructure in the seven layers below. Focus will undoubtedly shift toward managing the higher layers of the OSI model, which remain under the control of cybersecurity teams.
The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Tricentis.
Feature image via Pixabay.