Defense in Depth

Duane Wilson
Jul 12, 2021

Defense in depth, or DiD, is a term borrowed from military strategy that has made its way into the cybersecurity lexicon.

Defense in depth refers to placing layers of defenses between an attacker and their target, rather than relying on one single line of defense.

The concept of defense in depth is as relevant to modern cybersecurity as it is to putting up walls and minefields, and, in today’s article, we’ll be taking a closer look at the subject.

What Exactly Is Defense in Depth?

At its simplest level, defense in depth means putting multiple layers of defenses around a vulnerable target. In 2020 alone there were 1,120 data breaches that resulted in the leaking of 20,120,074,547 personal records.

These data breaches did not all involve the same methods or tactics. Verizon found that 45% of breaches featured hacking, 17% involved malware and 22% involved phishing.

Given the number of methods that modern cyber criminals use to attack their targets, relying on a single line of defense just doesn’t work. The number of data breaches over the course of one year makes that very clear.

Much like guarding a castle with multiple sets of walls, a moat, a drawbridge, and soldiers, a cyber security defense in depth strategy uses layers of security systems to ward off multiple avenues of attack.

How Does Defense in Depth Work?

Defense in depth works by providing multiple overlapping security protocols and systems that constantly work together to close off the avenues that most cyber criminals use.

Protecting just one avenue of attack is almost pointless in the modern cyber security ecosystem. Modern cybercriminals are constantly changing and updating the way that they attack their targets.

In 2020, 94% of malware was delivered by email, the number of attacks on IoT devices tripled, nearly 11,000 malicious mobile apps were blocked every day, and there were an estimated 304 million ransomware attacks.

In the face of this constant barrage of attacks, companies need a comprehensive security system that allows them to cover all angles.

What Are the Elements of Defense in Depth?

While the exact structure of a defense in depth system depends on the specific company’s use case, there are some basic elements that are common to most strategies.

Network Security

Network security consists of firewalls or intrusion detection and prevention systems that control exactly who can access your network.

These systems generally use a specific set of authorizations and security rules to judge whether traffic on the network is a security threat or not and respond accordingly.

Application Security

Application Security capabilities — such as antivirus programs — are used to protect against malicious software such as viruses and malware.

There are two general types of antivirus programs.

The more common type of antivirus program uses signature-based detection, looking for the digital fingerprint of known malicious programs.

Other, more advanced forms of antivirus use both signature-based detection and heuristic scanning that actively looks for suspicious activity.

Data Security

Data security focuses on both the integrity and confidentiality of data under the control of an organization. A data integrity analysis program checks the integrity of each file on your system by looking at what is called a ‘checksum’. The checksum shows how frequently a file is used and what source it came from.

Data integrity analysis programs check this data against a list of known viruses and malware programs to try and proactively prevent malicious software from getting a foothold in your environment.
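As an added example (not code from the original post), the integrity check described above, written in Python: each file’s SHA-256 checksum is recorded in a baseline and later re-compared, and every checksum is also looked up in a known-bad list, which is the signature-based detection described under Application Security. The file paths, contents and “known-bad” hash are constructed stand-ins, not real indicators.

```python
# Added example, not from the original post: a minimal file-integrity checker
# plus a known-bad-hash lookup. Paths and hashes below are constructed.
import hashlib
from pathlib import Path

def checksum(data: bytes) -> str:
    """SHA-256 hex digest: the 'digital fingerprint' of a file's contents."""
    return hashlib.sha256(data).hexdigest()

def snapshot_directory(root: str) -> dict[str, str]:
    """Baseline {relative path: checksum} for every file under a real directory."""
    base = Path(root)
    return {str(p.relative_to(base)): checksum(p.read_bytes())
            for p in sorted(base.rglob("*")) if p.is_file()}

def build_baseline(files: dict[str, bytes]) -> dict[str, str]:
    """Same shape as snapshot_directory, over an in-memory {path: bytes} mapping."""
    return {path: checksum(data) for path, data in files.items()}

def verify(baseline: dict[str, str], current: dict[str, str],
           known_bad: set[str]) -> dict[str, list[str]]:
    """Report paths modified, added or removed since the baseline, plus any
    path whose checksum matches a known-bad signature (new or not)."""
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    flagged = sorted(p for p, h in current.items() if h in known_bad)
    return {"modified": modified, "added": added,
            "removed": removed, "known_bad": flagged}

# Constructed sample data: a clean baseline, then a later snapshot in which one
# file changed, one disappeared, and a new file with a known-bad hash appeared.
CLEAN_FILES = {"bin/login": b"original login binary",
               "etc/hosts": b"127.0.0.1 localhost\n"}
MALICIOUS_BLOB = b"constructed stand-in for a known-malicious file"
KNOWN_BAD_HASHES = {checksum(MALICIOUS_BLOB)}   # placeholder signature list
LATER_FILES = {"bin/login": b"trojanised login binary",
               "tmp/dropper": MALICIOUS_BLOB}

def demo() -> dict[str, list[str]]:
    """Run the check over the constructed data (used by __main__ and the test)."""
    baseline = build_baseline(CLEAN_FILES)
    return verify(baseline, build_baseline(LATER_FILES), KNOWN_BAD_HASHES)

if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

On a real system, `snapshot_directory()` would be run once to record the baseline and again on a schedule, with the baseline stored somewhere the monitored host cannot rewrite.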

Data confidentiality is primarily accomplished through encryption. As mentioned in the cryptography post, encryption uses a key to convert plaintext (human readable) into ciphertext (unreadable). The ciphertext can only be read by users who possess the decryption key.

User Security

If the three examples above are the walls of your digital castle, then user security represents the guards patrolling those walls.

Operating behind your firewalls and antivirus programs, user security and behavioral analytics programs look for certain file and network behaviors that deviate from baseline operations and that can indicate that a breach has occurred or is in progress.

When a potential breach is detected, the program takes actions to secure the system and alert the correct people.

Digital Defense in Depth

Given the myriad cybersecurity threats facing businesses today, it is unsurprising that new ways of defeating the barrage of attacks they experience daily are always under development.

Defense in depth gives companies multiple layers of security to cope with the multi-faceted threats that they are facing.
