When the threat actors break down your door, make sure you have another door.
Defense in depth is a security approach that involves deploying multiple layers of security tools, mechanisms, and policies in tandem. The goal is to create a robust defense system where if one layer fails, others will step in to protect against threats.
Analogies:
- Imagine a medieval castle with multiple moats, walls, and parapets. Each layer adds an additional barrier for attackers.
- In military terms, it’s akin to a defending army strategically retreating into its homeland’s interior, trading space for time.
Example:
- PERIMETER SECURITY: Firewall, Penetration Testing, IDS/IPS, DDoS Protection
- NETWORKING SECURITY: VPN, Wi-Fi Security, Secure DMZ, MDR, Continuous Monitoring
- ENDPOINT SECURITY: NGAV/EDR, Asset Tracking, Rogue Device Monitoring, Patch Management, MFA, Endpoint Encryption
- DATA SECURITY: PAM, MFA, Email Encryption, Data Backups, Database Monitoring, SIEM
- BUSINESS OPERATIONS: Service Desk, SOC, Business Continuity, Disaster Recovery, Policies & Procedures, Governance, User Training, Vulnerability Management
- PHYSICAL SECURITY: CCTV Security System, Access Control System, Guest Management, Alarm System, Power Backup, Fire Suppression
Defense in depth isn’t about relying on a single tool; it’s about creating a resilient fortress where attackers face relentless obstacles. If your environment, account, resource, or application can be defeated by a single point of failure, you need better defense in depth.
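One way to turn that last test into something you can run against an inventory, as an added example that is not part of the original post: model each asset's controls against the six layers listed above and flag any asset whose protection rests on a single layer. Asset names and the control list are constructed for illustration; the point is that depth counts distinct layers, not tools, because two products in the same layer fall to the same bypass.

```python
# Added example (not from the original post): audit assets against the six
# layers listed above and flag single points of failure.
from collections import defaultdict

# The six layers from the post, in the order an attacker would meet them.
LAYERS = ["perimeter", "network", "endpoint", "data", "business_ops", "physical"]


def layer_coverage(controls):
    """Group one asset's deployed controls by layer.

    controls: list of (layer, control_name) pairs protecting the asset.
    Returns {layer: set(control_names)} for every layer with a control.
    """
    coverage = defaultdict(set)
    for layer, name in controls:
        if layer not in LAYERS:
            raise ValueError(f"unknown layer: {layer}")
        coverage[layer].add(name)
    return dict(coverage)


def depth(controls):
    """Number of distinct layers an attacker must defeat to reach the asset.

    Counts layers, not tools: a second product in the same layer adds
    breadth, not depth, because a bypass of that layer defeats both.
    """
    return len(layer_coverage(controls))


def single_points_of_failure(assets):
    """Return names of assets whose protection rests on one layer (or none).

    assets: {asset_name: [(layer, control), ...]}
    """
    return sorted(name for name, controls in assets.items() if depth(controls) <= 1)


# Constructed sample inventory (hypothetical assets, not from the post).
SAMPLE_ASSETS = {
    "customer-db": [("perimeter", "firewall"), ("network", "secure_dmz"),
                    ("endpoint", "edr"), ("data", "pam"),
                    ("data", "database_monitoring"), ("data", "backups")],
    # Two tools, but both at the perimeter: one bypass defeats both.
    "legacy-ftp": [("perimeter", "firewall"), ("perimeter", "ids_ips")],
    "guest-wifi-printer": [],
}

if __name__ == "__main__":
    for name in single_points_of_failure(SAMPLE_ASSETS):
        print(f"{name}: depth {depth(SAMPLE_ASSETS[name])} -> needs more layers")
```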
