Call: 1300 422 542

Defense in Depth

cybersecurity layers

What is Defense in Depth (DiD)?

Defense in depth is the use of multiple cybersecurity strategies so that if one security control fails, the entire system is not immediately compromised. It uses multiple layers of security mechanisms and is also known as “layering”.

The assumption is with some effort any single security measure can be bypassed, and designing with that in mind.

In a way, it’s an example of “don’t put all your eggs in one basket”.


Common Security Layering Designs

One starting point is combining network security (such as network intrusion detection), with endpoint security (such as anti-virus).

Anti-virus likely won’t detect unusual device-to-device communication, while network intrusion detection won’t see anything that doesn’t leave the device.


Email Security Model

A more involved security layering or Defense in Depth design is the email security model – how can we protect our business from malicious email?

Using an example of an email with a malicious link, successive layers can be:

Steps taken

Protective measure used

Check email authenticity sender’s published policy
Check sender reputation Public reputation lists
Check message text content for patterns Spam filtering
Check message for malware Gateway Antivirus
User decides if message is genuine and whether to click Security Awareness
Check link Safelinks
Check site with web policy Firewall


To sum up, we prevent the delivery of a malicious message into the user’s inbox in the first place if possible.

If the message gets into the users’ inbox, we rely on their Security Awareness Training.

If that fails, then web browsing controls are the next line of defense, and so on.

Other examples can be physical access controls: combining access cards (so only authorized users can get in) with turnstiles (to dissuade tailgating) and security guards (to monitor for violations of the previous controls).


How to Diversify For Stronger Security

Using multiple security layers results in a stronger security posture. The various security controls complement the others’ failures and decrease the likelihood of a compromise.

If you are in a position to diversify your security controls yourself then you should have a look at the options available for your security requirements.

Calibre One offers a wide range of managed security services, including MS365 security enhancements, security awareness training, and network and endpoint security monitoring and protection.

Share This Post
Subscribe To Our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

More To Explore

In The Media

2 Great Companies Come Together

A sign of further consolidation in the Australian ICT channel as Brisbane’s Azentro buys Adelaide’s Calibre One. The enlarged group, with combined sales of $A35m

Read More »

Find out what our team can do for your business.

Let us know how we can help

Contact Us
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.