Defense in depth uses a layered approach when designing the security posture of an organization. Think about a castle that holds the crown jewels. The jewels will be placed in a vaulted chamber in a central location guarded by security guards. The castle is built around the vault with additional layers of security—soldiers, walls, a moat. The same approach is true when designing the logical security of a facility or system. Using layers of security will deter many attackers and encourage them to focus on other, easier targets.
Defense in depth provides more of a starting point for considering all types of controls—administrative, technological, and physical—that empower insiders and operators to work together to protect their organization and its systems.
Here are some examples that further explain the concept of defense in depth:
Data: Controls that protect the actual data with technologies such as encryption, data leak prevention, identity and access management and data controls.
Application: Controls that protect the application itself with technologies such as data leak prevention, application firewalls and database monitors.
Host: Every control that is placed at the endpoint level, such as antivirus, endpoint firewall, configuration and patch management.
Internal network: Controls that are in place to protect uncontrolled data flow and user access across the organizational network. Relevant technologies include intrusion detection systems, intrusion prevention systems, internal firewalls and network access controls.
Perimeter: Controls that protect against unauthorized access to the network. This level includes the use of technologies such as gateway firewalls, honeypots, malware analysis and secure demilitarized zones (DMZs).
Physical: Controls that provide a physical barrier, such as locks, walls or access control.
Policies, procedures and awareness: Administrative controls that reduce insider threats (intentional and unintentional) and identify risks as soon as they appear.
Top comments (0)