Defense in Depth
Defense in depth is a practical strategy for achieving information assurance in today’s highly networked environments, as defined by the NSA, which first applied the long-standing military strategy to network security. The basic premise of defense in depth is that layering security controls within a computing environment helps slow down an attacker’s progress should s/he gain access.
With as many different types of attackers, attack methods, and attack vectors as exist today, placing controls at various points throughout the network provides redundancy if another control should fail or is compromised.
In a defense in depth strategy, each defensive “obstacle” (e.g., firewall, authentication, network-based IDS) between the attack and the target (data, system, application, etc.) is unique and increases the probability of detection. A defense in depth strategy is not just technology-based however; it is a combination of people, process, and technology. A well-informed insider is perfectly positioned to take advantage of systems and data to which s/he has legitimate access, and an attacker who can successfully phish or socially engineer an employee can subvert systems much more easily with stolen network credentials. Therefore, organizations looking to implement defense in depth should not only consider the technology infrastructure and its weaknesses, but should frequently review and update policies and provide regular user awareness training for employees, contractors, and partners.