What is defense in depth?

Defense in depth is a security strategy in which multiple security tools, mechanisms, and policies are deployed in tandem on the assumption that if one fails, another will hold. Rather than, say, relying solely on a firewall to keep hackers out of a corporate network, an organization would also deploy endpoint security software and intrusion detection systems (IDS) to spot any attacker who manages to slip past that firewall. The intention isn't to deploy different tools to face different specific threats; rather, a defense in depth strategy assumes that if an attacker manages to defeat or bypass one tool, other tools will pick up the slack and fight back in a different way.

Defense in depth is sometimes called a castle approach: the image is of a medieval fortress with many moats and parapets that attackers would have to breach. The term defense in depth itself has a military origin, describing a war scenario where a weaker defending army strategically retreats into its homeland's interior, trading space for time. This isn't how cyber defense in depth works, though: at no point do defenders intentionally cede control of any systems to an attacker (as they would when using a honeypot). Instead, you should imagine an attacker running into a relentless series of defenses, with new ones popping up every time an old one is defeated. And each of those tools is built assuming that it will be the last one standing. As Michael Howard and David LeBlanc memorably put it in the book Writing Secure Code: "If you expect a firewall to protect you, build the system as though the firewall has been compromised."

How can NetworkFort help your organization?

Visit our website: https://lnkd.in/gzqtnpyJ
