- Layering - Layering involves setting up different layers of protection, creating multiple defenses that work together to thwart attacks.
Example: Deploying a network firewall between the border router and the IPS
- Limiting - Limiting restricts access to data and information via Segregation of Duties. Each user has the level of access required to do their job.
Example: Limiting user privileges on NAS storage or setting file permissions to read-only
- Diversity - The layers must be different so that if one layer is penetrated, the same technique will not work on all the others, which would compromise the whole system. This can be achieved by using security solutions from different vendors.
Example: Implementing Brand A firewall as tier 1 and Brand B firewall as tier 2
- Obscurity - Obscurity adds an element of "secrecy". This can be achieved by introducing obscurity to the security architecture and information.
Example: Concealing Operating System identity or concealing server MAC address