A defense-in-depth strategy, aka a security-in-depth strategy, refers to a cybersecurity approach that uses multiple layers of security for holistic protection. A layered defense helps security organizations reduce vulnerabilities, contain threats, and mitigate risk. In simple terms, with a defense-in-depth approach, if a bad actor breaches one layer of defense, they might be contained by the next layer of defense. Show
The defense-in-depth concept was originally conceived by the U.S. National Security Agency (NSA) and takes its name from a common military strategy. (A defense-in-depth cybersecurity strategy is also sometimes referred to as a castle approach because it is similar to the layered defenses of a medieval castle with moats, drawbridges, towers, etc.) The NSA defense-in-depth strategy covers people, technology, and operations. It provides guidelines and best practices for securing physical infrastructure, organizational processes, and IT systems. The Evolution of Defense-in-Depth StrategiesHistorically, most businesses developed defense-in-depth strategies around traditional perimeter-based security models designed to protect on-premises IT infrastructure. A classic defense-in-depth security implementation contains a wide range of security elements including:
Defense-in-Depth Strategies for the Digital EraTraditional perimeter-based IT security models, conceived to control access to trusted enterprise networks, aren’t well suited for the digital world. Today, businesses develop and deploy applications in corporate data centers, private clouds, and public clouds (AWS, Azure, GCP, etc.) and they also leverage SaaS solutions (Microsoft 365, Google Workspace, Box, etc.). Most businesses are evolving their defense-in-depth strategies to protect cloud workloads and defend against new attack vectors accompanying digital transformation. Whether applications are hosted on-premises or in the cloud, history shows sophisticated attackers can breach networks and fly under the radar for weeks or longer. The 2020 SolarWinds supply chain attack, for example, went undetected for nine months, impacting over 18,000 organizations. In response, many enterprises are adopting a Zero Trust “assume-breach” mindset and adapting their security strategies, using a combination of preventative controls and detection mechanisms to identify attackers and stop them from reaching their goals once they do penetrate a network. The key tenets of a modern defense-in-depth strategy include:
Enterprises typically deploy privileged access management solutions, endpoint privilege management solutions, adaptive multifactor authentication solutions, and secrets management solutions in conjunction with traditional enterprise security solutions (EDRs, firewalls, IDS/IPS, etc.) as part of a comprehensive, modern defense-in-depth strategy. Learn More About Defense-in-Depth Strategies for the Digital Era
What are the layers of defense in depth?The four key layers of the defence in depth security model are:. Layer 1: Perimeter Defence.. Layer 2: Host Protection.. Layer 3: Operating Systems and Application Protection.. Layer 4: Data/Information Protection.. What is defense in depth in network security?What it is: Defense in Depth (DiD) refers to an information security approach in which a series of security mechanisms and controls are thoughtfully layered throughout a computer network to protect the confidentiality, integrity, and availability of the network and the data within.
How does defense in depth prevent attacks?Defense in depth is a cybersecurity approach that uses layered defensive mechanisms to protect systems and data. With layering, if one defense fails, another is there to block an attack. This intentional redundancy creates greater security and can protect against a wider variety of attacks.
What are the three modes of protection of defense in depth?Defense in depth can be divided into three areas: Physical, Technical, and Administrative.. Physical.. Technical.. Administrative.. |