Defense in Depth

Defense in depth is a way of approaching cybersecurity that relies on layering defenses on top of each other. These various layers act as failsafe mechanisms, so if one is breached by a hacker, another layer of defense can attempt to stop the attack.

Terms related to Defense in Depth: Vulnerability, vulnerability management, network security, firewall, antivirus, cybersecurity, penetration testing, backdoor, exploit, monitoring, identity management, multifactor authentication, data integrity, encryption.

Defense in depth uses a variety of hardware, software, approaches, and tools to provide robust cybersecurity protection to an organization’s systems and data. This typically involves creating multiple redundancies, so if an attacker manages to get through one defensive layer, another layer is immediately introduced to thwart progress.

This approach to defense is useful because it insists on using different types of tools, techniques, and cybersecurity principles to build wide-ranging defenses. No one approach, by itself, is effective in stopping a determined attacker. The defense in depth approach gets around this by bringing together multiple areas to fortify systems and data.

Aspects of a defense in depth approach can include:

  • Security tokens that display a special security code based on the time of day or other factors.
  • Biometric information that uses things like fingerprints, voice recognition, or iris patterns to verify users.
  • Adaptive authentication that uses smart algorithms to request further identification if needed, based on normal and unusual access patterns.

Each organization will implement defense in depth differently, based on available tools and sensitivity of data.

Defense in Depth Resources from Crossmatch