
Defense in depth strategy

A layered defense is difficult to penetrate.
When one barrier fails, another takes its place to stop an attack.
Defense in depth is a security model that makes use of this concept.
It's a layered approach to vulnerability management that reduces risk.
Defense in depth is commonly referred to as the castle approach because it resembles the layered defenses of a castle.

In the Middle Ages, these structures were very difficult to penetrate. They featured different defenses, each unique in its design, that posed different challenges for attackers. For example, a water-filled barrier called a moat usually formed a circle around the castle, preventing threats like large groups of attackers from reaching the castle walls. The few soldiers that made it past the first layer of defense were then faced with a new challenge: giant stone walls. A vulnerability of these structures was that they could be climbed. If attackers tried exploiting that weakness, guess what? They were met with another layer of defense: watchtowers filled with defenders ready to shoot arrows and keep them from climbing! Each level of defense in these medieval structures minimized the risk of attack by identifying a vulnerability and implementing a security control that would hold should the previous one fail.

Defense in depth works in a similar way. The defense in depth concept can be used to protect any asset. In cybersecurity it is mainly used to protect information using a five-layer design. Each layer features a number of security controls that protect information as it travels in and out of the model.

The first layer of defense in depth is the perimeter layer. This layer includes some technologies that we've already explored, like usernames and passwords. Mainly, this is a user authentication layer that filters external access. Its function is to allow only trusted parties to reach the next layer of defense.

Second, the network layer is more closely aligned with authorization. The network layer is made up of technologies like network firewalls.

Next is the endpoint layer. Endpoints refer to the devices that have access to a network. They could be devices like a laptop, desktop, or server. One example of a technology that protects these devices is antivirus software.

After that, we get to the application layer. This includes all the interfaces that are used to interact with technology. At this layer, security measures are programmed as part of an application. One common example is multi-factor authentication. You may be familiar with having to enter both your password and a code sent by SMS. This is part of the application layer of defense.

And finally, the fifth layer of defense is the data layer. At this layer, we've arrived at the critical data that must be protected, like personally identifiable information. One security control that is important here in this final layer of defense is asset classification.
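As an added example (not part of the transcript), the following Python model walks a request through the five layers described above, using constructed sample policies for each layer, and shows that when one barrier has been bypassed the next one still has to be passed:

```python
from dataclasses import dataclass

# Constructed sample policies for each of the five layers (hypothetical values).
TRUSTED_USERS = {"alice": "correct-horse"}        # perimeter: username/password
ALLOWED_NET_PREFIXES = ("10.0.0.",)               # network: firewall allow-list
MANAGED_ENDPOINTS = {"laptop-01", "srv-01"}       # endpoint: devices running AV
MFA_CODES = {"alice": "123456"}                   # application: second factor
ASSET_CLASS = {"customer_pii": "restricted", "lunch_menu": "public"}
CLEARANCE = {"alice": {"public"}}                 # data: classes a user may read

@dataclass
class Request:
    user: str
    password: str
    src_ip: str
    device: str
    mfa_code: str
    asset: str

def perimeter(r): return TRUSTED_USERS.get(r.user) == r.password
def network(r): return r.src_ip.startswith(ALLOWED_NET_PREFIXES)
def endpoint(r): return r.device in MANAGED_ENDPOINTS
def application(r): return MFA_CODES.get(r.user) == r.mfa_code
def data(r):  # an unclassified asset is treated as restricted
    return ASSET_CLASS.get(r.asset, "restricted") in CLEARANCE.get(r.user, set())

LAYERS = [("perimeter", perimeter), ("network", network), ("endpoint", endpoint),
          ("application", application), ("data", data)]

def evaluate(r, failed=()):
    """Walk r through every layer in order; `failed` names layers whose control is
    down or bypassed (skipped). Returns (allowed, layer that stopped it or None)."""
    for name, check in LAYERS:
        if name in failed:
            continue  # this barrier has fallen; the next one has to hold
        if not check(r):
            return False, name
    return True, None

if __name__ == "__main__":
    good = Request("alice", "correct-horse", "10.0.0.7", "laptop-01", "123456", "lunch_menu")
    # Stolen password used from outside the network on an unmanaged device.
    stolen = Request("alice", "correct-horse", "203.0.113.9", "unknown-pc", "", "customer_pii")
    print(evaluate(good))                                 # (True, None)
    print(evaluate(stolen))                               # (False, 'network')
    # Even with perimeter, network and endpoint defeated, MFA stops the request.
    print(evaluate(stolen, failed=("perimeter", "network", "endpoint")))  # (False, 'application')
```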

Like I mentioned earlier, information passes in and out of each of these five layers whenever it's exchanged over a network. There are many more security controls aside from the few that I mentioned that are part of the defense in depth model. A lot of businesses design their security systems using the defense in depth model. Understanding this framework hopefully gives you a better sense of how an organization's security controls work together to protect important