Defense in Depth
Defense in depth is a security strategy that employs multiple layers of security controls to protect information and resources across an organization.
- each layer is intended to slow an attack's progress rather than eliminate it outright
- the goal is that you notice the attack and have enough time to stop it before it succeeds
- made up of many security controls, for example:
  - logical security controls governing access management
  - deception/honeypot strategies
  - identity and access management (IAM)
  - endpoint security
Endpoint security is a set of procedures and technologies designed to:
- restrict both remote and local network access at a device level
- ensure that each endpoint device is hardened to mitigate vulnerabilities
Replaces The Old Security Paradigm
The perimeter security model focuses on the boundary between the public and private network and trusts everything that has connected via internal switches.
- focuses on firewalls that establish a secure barrier at the network perimeter
- designed to subject any connections between the internal private network and external public or third-party networks to access controls
Layers
Important
Layers used in your defense-in-depth strategy will vary given the situation and environment you’re defending.
- Physical
- Network
- Host
- Application
- Data
- Policies

Example Defenses by Layer
| Layer | Defensive Measures |
|---|---|
| External Network | DMZ, VPN, logging, auditing, penetration testing, vulnerability analysis |
| Network Perimeter | Firewalls, proxy, logging, stateful packet inspection, auditing, penetration testing, vulnerability analysis |
| Internal Network | IDS, IPS, logging, auditing, penetration testing, vulnerability analysis |
| Host | Authentication, antivirus, firewall, IDS, IPS, passwords, hashing, logging, auditing, penetration testing, vulnerability analysis |
| Application | SSO, content filtering, data validation, auditing, penetration testing, vulnerability analysis |
| Data | Encryption, access controls, backups, penetration testing, vulnerability analysis |
Additional Component Examples
- Physical Security: Physical barriers, surveillance, and controls to restrict physical access to critical infrastructure.
- Perimeter Security: Firewalls, intrusion detection/prevention systems (IDPS), and edge filtering to protect the network perimeter.
- Network Security: Internal firewalls, network segmentation, and secure protocols to protect data in transit.
- Endpoint Security: Antivirus software, endpoint detection and response (EDR), and patch management on individual devices.
- Application Security: Code reviews, secure development practices, and application firewalls to protect against vulnerabilities in software applications.
- Data Security: Encryption, data masking, and access controls to protect data at rest, in transit, and during processing.
- Identity and Access Management (IAM): Multi-factor authentication, single sign-on, and role-based access controls to manage who can access what within the environment.
- Monitoring and Incident Response: Continuous monitoring, logging, and a prepared incident response plan to identify and respond to threats in real time.
- Security Policies and Procedures: Documentation and training that outline the proper methods for maintaining security, including incident response plans and user training.
- User Awareness and Training: Educating employees about the risks and their role in maintaining a secure environment.