Defense-in-Depth (2024)

A defense-in-depth strategy, aka a security-in-depth strategy, refers to a cybersecurity approach that uses multiple layers of security for holistic protection. A layered defense helps security organizations reduce vulnerabilities, contain threats, and mitigate risk. In simple terms, with a defense-in-depth approach, if a bad actor breaches one layer of defense, they might be contained by the next layer of defense.

The defense-in-depth concept was originally conceived by the U.S. National Security Agency (NSA) and takes its name from a common military strategy. (A defense-in-depth cybersecurity strategy is also sometimes referred to as a castle approach because it is similar to the layered defenses of a medieval castle with moats, drawbridges, towers, etc.)

The NSA defense-in-depth strategy covers people, technology, and operations. It provides guidelines and best practices for securing physical infrastructure, organizational processes, and IT systems.

The Evolution of Defense-in-Depth Strategies

Historically, most businesses developed defense-in-depth strategies around traditional perimeter-based security models designed to protect on-premises IT infrastructure. A classic defense-in-depth security implementation contains a wide range of security elements including:

  • Endpoint security solutions – antivirus software and endpoint detection and response (EDR) tools to protect threats originating from PCs, Macs, servers, and mobile devices; and endpoint privilege management solutions to control access to privileged endpoint accounts.
  • Patch management tools – to keep endpoint operating systems and applications up-to-date and address common vulnerabilities and exposures (CVEs).
  • Network security solutions – firewalls, VPNs, VLANs, etc. to protect traditional enterprise networks and conventional on-premises IT systems.
  • Intrusion detection/prevention (IDS/IPS) tools – to identify malicious activity and thwart attacks aimed at traditional on-premises IT infrastructure.
  • User identity and access management solutionssingle sign-on, multi-factor authentication, and lifecycle management tools to authenticate and authorize users.

Defense-in-Depth Strategies for the Digital Era

Traditional perimeter-based IT security models, conceived to control access to trusted enterprise networks, aren’t well suited for the digital world. Today, businesses develop and deploy applications in corporate data centers, private clouds, and public clouds (AWS, Azure, GCP, etc.) and they also leverage SaaS solutions (Microsoft 365, Google Workspace, Box, etc.). Most businesses are evolving their defense-in-depth strategies to protect cloud workloads and defend against new attack vectors accompanying digital transformation.

Whether applications are hosted on-premises or in the cloud, history shows sophisticated attackers can breach networks and fly under the radar for weeks or longer. The 2020 SolarWinds supply chain attack, for example, went undetected for nine months, impacting over 18,000 organizations.

In response, many enterprises are adopting a Zero Trustassume-breach” mindset and adapting their security strategies, using a combination of preventative controls and detection mechanisms to identify attackers and stop them from reaching their goals once they do penetrate a network. The key tenets of a modern defense-in-depth strategy include:

  • Protect privileged access – use privileged access management solutions to monitor and secure access to privileged accounts (superuser accounts, local and domain administrator accounts, application administrative accounts, etc.) by both human and non-human identities (applications, scripts, bots, etc.).
  • Lockdown critical endpoints – use advanced endpoint privilege management solutions to lock down privilege across all endpoints, prevent lateral movement, and defend against ransomware and other forms of malware.
  • Enable adaptive multifactor authentication – use contextual information (location, time of day, IP address, device type, etc.) and business rules to determine which authentication factors to apply to a particular user in a particular situation.
  • Secure developer tools – use secrets management solutions to secure, manage, rotate and monitor secrets and other credentials used by applications, automation scripts, and other non-human identities.

Enterprises typically deploy privileged access management solutions, endpoint privilege management solutions, adaptive multifactor authentication solutions, and secrets management solutions in conjunction with traditional enterprise security solutions (EDRs, firewalls, IDS/IPS, etc.) as part of a comprehensive, modern defense-in-depth strategy.

Learn More About Defense-in-Depth Strategies for the Digital Era

Defense-in-Depth (2024)
Top Articles
Million Dollar Pound Cake Recipe
36 Uplifting & Motivating Quotes To Get You Through Bad Days
Mashable Wordle Clue
Pear Shaped Rocsi
Used Toyota Camry for Sale in New York, NY (with Photos)
Christmas Bloody Christmas Showtimes Near Island 16 Cinema De Lux
Langlands Funeral Home Holland
Palmetto Primary Care Patient Portal : Features, Benefits & Access
Bbrt Gay Website
Pawn Shops In Sylva Nc
Nj 163 Bus Schedule Pdf
Liberty Mutual Pool Party Commercial Cast
7133538611
Shapovalov Flashscore
Manale Occupational & Physical Therapy East Los Angeles
Cincinnati H S Football Scores
Play Nine: The Card Game of Golf | Fun Family Card Games
Biography - Tiger Woods
Megapersonals.xom
Einstein's Theory of Special Relativity
West Lafayette Skyward
Ucsf Guest Pay
Drive Mad Yandex
Craigslist Trucks Atlanta
Best Restaurants And Bars Near Me
Evo Unblocked
Sky Ward Alpine
Sound Of Freedom Showtimes Near Marcus South Pointe Cinema
Coenzym Q10-Produkte – ist ein Nutzen wirklich bewiesen? | Verbraucherzentrale.de
Der unbekannte Hundertwasser
Is Jake Herak Related To Rich Lewis
Stackman Casriel Group
Cameo for Songs? This ‘Shark Tank’ Startup Wants to Dominate the Personalized-Music Market
Songlorious: Shark Tank Update After the Show - Season 13 (2024 Update)
Karen Polsinelli Obituary
Mudfish Ffxiv
Ohio State Football Wiki
Gasbuddy Tampa
What Is Vgn Envoye
Saberhealth Time Track
Csl Plasma Birthday Bonus
Costco Chantilly Gas Price
UltiPro | Human Capital Management for Your Global Workforce
[20 Test Answers] FEMA IS-904: Active Shooter Prevention: You Can Make a Difference – Test Pinoy
Sava Džehverović - Blic.rs
DIGLA SE KUKA I MOTIKA ZBOG DŽEHVINOG BRATA: Sava čeka dete sa 15 godina mlađom influenserkom, tviteraši ga osudili da je PEDOFIL - on se hitno oglasio!
Johnson Funeral Home Elizabethtown North Carolina
The Blind Showtimes Near Showcase Cinemas Springdale
What Is Opm1 Treas 310 Deposit
Biometrics Technician - On Call - Austin, Texas, United States
Liquor Store Near Red Roof Inn
Msu Ro
Craigslist Campers Greenville Sc
L'alternativa - co*cktail Bar On The Pier
The formation of formates: a review of metal formates on heritage objects
3 Ways to Format a Computer - wikiHow
Adin Ross: Wiki, Height, Age, Girlfriend, Net worth, Biography, Family & More
Corinna Kopf - Bio, Age, Net Worth, Single, Facts, Career, Wiki
Online Music Visualizer - Add Sound Waves to Videos - VEED.IO
Top 13 Best Music Visualizers in Realtime and Recordable
Richard Sambade Obituary
91 East Freeway Accident Today 2022
At Home Hourly Pay
2005 GENERAL INFORMATION General Information
Lou Cornell Wsp Salary
Danmachi Volume 18 Fan Translation
Daughter Swap Ebony
Clare Fm Deaths
Wednesday Morning Gifs
Gilson 1580 Tiller Parts Diagram
Expedition Scout Pack Locations
Psilly Psychedelic Gummies 800Mg
Bayhealth Baynet Employee Login
西必洛林緣度假村的評論-最新48則真實住客評語 | Trip.com
Airbnb Month To Month Rentals
Nashville Predators Wiki
Mcg Tactical Laser Sight
Kayla Samz Obituary
Kincil Only
Craigslist Ct Bridgeport
Realifecam Hotscopes
Rio Rancho Billboards
Smailpro Advanced
How to delete your Twitter account | Digital Trends
Don't Starve Together: Console Edition FAQ (PS4)
Don't Starve Together [DST] - FAQ - Basically Average
Double Deuces Spartanburg Sc
New Jersey Real Estate & NJ Homes for Sale | realtor.com®
18339870378
Warriors star Draymond Green suspended indefinitely by NBA
Freitag, der 13.: Lustige GIFs für WhatsApp, Instagram und Co.
Custom Patch Factory Coupon Code
Ttw Cut Content
8 Things to Do in Cherry Creek
How to Watch Fox Sports 2 Live Without Cable in 2024
Mechwarrior 5 Best Starting House
How Did Lucifer Fall?
How Did Lucifer Fall From Grace – Christian.net
Alanna Capellan Twitter
Craigslist Furniture Boise Idaho
Wat is een Microsoft Tenant
Wat is multitenancy? En waarom is het essentieel voor jouw succes?
Latest Posts
Article information

Author: Allyn Kozey

Last Updated:

Views: 6033

Rating: 4.2 / 5 (63 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Allyn Kozey

Birthday: 1993-12-21

Address: Suite 454 40343 Larson Union, Port Melia, TX 16164

Phone: +2456904400762

Job: Investor Administrator

Hobby: Sketching, Puzzles, Pet, Mountaineering, Skydiving, Dowsing, Sports

Introduction: My name is Allyn Kozey, I am a outstanding, colorful, adventurous, encouraging, zealous, tender, helpful person who loves writing and wants to share my knowledge and understanding with you.