Call: 1300 422 542

cybersecurity layers

What is Defense in Depth (DiD)?

Defense in depth is the use of multiple cybersecurity strategies so that if one security control fails, the entire system is not immediately compromised. It uses multiple layers of security mechanisms and is also known as “layering”.

The assumption is with some effort any single security measure can be bypassed, and designing with that in mind.

In a way, it’s an example of “don’t put all your eggs in one basket”.

 

Common Security Layering Designs

One starting point is combining network security (such as network intrusion detection), with endpoint security (such as anti-virus).

Anti-virus likely won’t detect unusual device-to-device communication, while network intrusion detection won’t see anything that doesn’t leave the device.

 

Email Security Model

A more involved security layering or Defense in Depth design is the email security model – how can we protect our business from malicious email?

Using an example of an email with a malicious link, successive layers can be:

Steps taken

Protective measure used

Check email authenticity sender’s published policy
Check sender reputation Public reputation lists
Check message text content for patterns Spam filtering
Check message for malware Gateway Antivirus
User decides if message is genuine and whether to click Security Awareness
Check link Safelinks
Check site with web policy Firewall

 

To sum up, we prevent the delivery of a malicious message into the user’s inbox in the first place if possible.

If the message gets into the users’ inbox, we rely on their Security Awareness Training.

If that fails, then web browsing controls are the next line of defense, and so on.

Other examples can be physical access controls: combining access cards (so only authorized users can get in) with turnstiles (to dissuade tailgating) and security guards (to monitor for violations of the previous controls).

 

How to Diversify For Stronger Security

Using multiple security layers results in a stronger security posture. The various security controls complement the others’ failures and decrease the likelihood of a compromise.

If you are in a position to diversify your security controls yourself then you should have a look at the options available for your security requirements.

Calibre One offers a wide range of managed security services, including MS365 security enhancements, security awareness training, and network and endpoint security monitoring and protection.

Share This Post
Share on facebook
Share on linkedin
Share on twitter
Share on email
Subscribe To Our Newsletter

More To Explore

Calibre One EOFY Awards 2021
Events

EOFY Awards 2021

At Calibre One, we are as dedicated to our core values as we are to the growth and happiness of our staff. Our annual End

Read More »
Windows 11 New Features
Office365

Introducing The New Windows 11 and the Top Features!

Are you prepared for the new Windows 11 rollout? In this blog, we uncover some of the most exciting new features and how to best migrate your current version of Windows 11 over. Learn more about our favorite new features, and our tips for migration and adoption.

Read More »

Find out what our team can do for your business.