Defense In Depth Principle

Defense in Depth is a cybersecurity strategy that focuses on a series of defensive mechanisms, so that for an attacker to get to the assets they’re looking for it would require multiple breaches and ample detection opportunities.

The notion of defense in depth originates from the ancient military strategy of the same name, which was famously used by Carthaginian general Hannibal Barca and the Late Roman army. The main gist of this battle tactic was to slow down the advance of an attack instead of focusing all available manpower in one strong line of defense.

The general idea is that we consider five security layers:

• data protection
• access measures
• system monitoring
• endpoint protection
• network protection

and three control layers:

• physical controls
• technical controls
• administrative controls

This analysis leads to the usage of different tools and procedures to enforce the security of a system:

• antivirus software
• intrusion detection and prevention systems
• network segmentation
• patch management
• password security
• privileged access management
• cybersecurity education

While many of these apply to infrastructure and tools, some of them influence architecture and application features. For example, authenticated users who want to change their authentication data or mechanism should be required to authenticate first, and should receive notifications whenever such a change happens. This is a feature found in products that follow the privileged access management technique.
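The re-authentication and notification behaviour described above, as an added example that is not code from the original article or from any particular product. It assumes a hypothetical `CredentialService` over an in-memory account store: a password change is refused unless the session authenticated recently and the caller proves knowledge of the current password, and every outcome (success or refusal) is recorded as a notification for the account owner, so that a hijacked session cannot rotate credentials silently.

```python
"""Re-authentication before credential changes, plus change notifications.

Added example (not from the original article). Two defense-in-depth controls
guard an account's authentication data:
  1. the session's last successful authentication must be recent, and the
     caller must prove possession of the current password (re-auth);
  2. every change attempt, accepted or refused, emits a notification to the
     account owner.
All names (Account, Session, CredentialService) are hypothetical.
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

REAUTH_WINDOW_SECONDS = 300   # how recent the last authentication must be
PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key) using PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Constant-time comparison of the derived key against the stored one."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)


@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes
    # Recorded instead of sent, so the behaviour can be inspected offline.
    notifications: List[str] = field(default_factory=list)


@dataclass
class Session:
    username: str
    last_auth_time: float   # epoch seconds of the last successful authentication


class CredentialService:
    def __init__(self, accounts: Dict[str, Account],
                 clock: Callable[[], float] = time.time):
        self.accounts = accounts
        self.clock = clock   # injectable so tests can control "now"

    def _notify(self, account: Account, message: str) -> None:
        # A real deployment would send e-mail, SMS or push here.
        account.notifications.append(message)

    def change_password(self, session: Session, current_password: str,
                        new_password: str) -> bool:
        account = self.accounts[session.username]
        # Control 1a: a stale session must re-authenticate before any change.
        if self.clock() - session.last_auth_time > REAUTH_WINDOW_SECONDS:
            self._notify(account, "password change refused: re-authentication required")
            return False
        # Control 1b: the caller must know the current password.
        if not verify_password(current_password, account.salt, account.password_hash):
            self._notify(account, "password change refused: current password incorrect")
            return False
        account.salt, account.password_hash = hash_password(new_password)
        # Control 2: the owner always learns that credentials were changed.
        self._notify(account, "password changed")
        return True
```

The refusal paths notify as well as the success path: a refused attempt from an otherwise valid session is exactly the signal an account owner (or a detection pipeline consuming the same events) wants to see.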