Defense in Depth

What is Defense in Depth?

Defense in depth is a strategic approach to cybersecurity that uses multiple types of security controls to protect sensitive information and IT assets. Multi-layered defenses can prevent or slow down an attack and make it more likely that a threat actor will be detected by automated security mechanisms or security teams.

Table of Contents Table of Contents

1. What is Defense in Depth?
2. Key Takeaways
3. How Defense in Depth Works
4. Defense in Depth Elements
5. Security Practices Used in Defense in Depth
6. Defense in Depth Security Architectures
7. Defense in Depth Use Cases
8. Defense in Depth Examples
9. The Bottom Line
10. FAQs
11. References

Show Full Guide

Table of Contents

1. What is Defense in Depth?
2. Key Takeaways
3. How Defense in Depth Works
Show Full Guide
4. Defense in Depth Elements
5. Security Practices Used in Defense in Depth
6. Defense in Depth Security Architectures
7. Defense in Depth Use Cases
8. Defense in Depth Examples
9. The Bottom Line
10. FAQs
11. References

How Defense in Depth Works

Defense in depth prevents a single point of failure (SPoF). The strategy recognizes that attackers can exploit vulnerabilities in different ways, so a variety of security measures are needed to address different threats.

Effective defense in depth strategies combine preventive measures like firewalls with detective measures like intrusion detection systems, mitigation measures like network segmentation, and recovery measures like incident response plans.

Automation and artificial intelligence (AI) are playing increasingly important roles in defense in depth. Automation is being used to streamline security processes and reduce the burden on security teams. AI-supported security tools are being used to analyze vast amounts of log data and identify anomalies that might indicate a threat.

Defense in Depth and Layered Security

A defense in depth strategy uses technical, administrative, and physical security controls to create a robust security posture that assumes no single defense can be completely effective on its own. A layered approach helps prevent attacks, makes it easier to identify attacks in progress, and limits the damage that a successful attack can cause.

Defense in Depth Elements

Defense in depth elements are the security controls for layered security. Each element protects different aspects of an information technology (IT) system and the data that passes through it.

• Technical controls are the software, hardware, and firmware solutions that directly protect systems and data.
• Administrative controls are the policies, procedures, and guidelines that govern how people can interact with an IT system.
• Physical controls are measures that protect tangible IT assets like data center buildings, cooling systems, network equipment, and end-user computing devices.

Security Practices Used in Defense in Depth

Tactical implementations of a defense in depth strategy include:

• Regularly updating and patching software, implementing strong password policies, conducting vulnerability scans, and automating penetration testing.
• Conducting regular security awareness training for employees, creating and enforcing security policies, establishing incident response plans, and conducting regular risk assessments.
• Maintaining building visitor logs, implementing strict physical access control procedures, and conducting regular security audits for facilities.

Defense in Depth Security Architectures

In the early days of computing, defense in depth architectures focused on securing the network perimeter with firewalls.

As technology advanced and the Internet became more ubiquitous, the perimeter expanded beyond the physical network. To address new attack vectors, defense in depth architectures focused more on measures like endpoint protection, data encryption, and network access controls.

By the end of the 2010s, the rise of remote work, cloud computing, and the ubiquitous use of mobile computing devices created additional entry points for attackers and necessitated a more comprehensive approach to security.

Recognizing that breaches were inevitable, defense in depth architects began to put greater emphasis on cyber resilience. In addition to preventing attacks, they sought ways to limit the impact of zero-day breaches and advanced persistent threats (APTs) that use spyware to communicate with command and control (C2) servers.

Defense in Depth Use Cases

Defense in depth is a versatile security strategy with numerous real-world applications, including:

• Perimeter security
• Identity and access management
• Network security
• Endpoint security
• Data security
• Application security

Defense in Depth Examples

A layered approach to security forces attackers to invest more time, money, and effort to achieve their goals. The increased cost and risk of detection can make an attack less attractive because each security measure adds another layer of difficulty that makes it less likely the attack will be successful.

Let’s say an attacker wants to break into a retail store’s network and steal customer credit card numbers. Even if the attacker successfully uses phishing to gain network access and reconnaissance to locate the data without being detected, they could still be thwarted if the store encrypts customer data. Decryption can be a time-consuming and difficult process that often requires additional exploits that raise the odds of an attacker being detected.

The Bottom Line

The definition of defense in depth is similar to that of layered security. While both strategies aim to prevent a single point of failure, defense in depth has a wider scope that includes administrative and physical security controls as well as technical controls.

FAQs