Overview

Defense in Depth is based on the principle that no single security measure is foolproof. By implementing a series of overlapping security controls, organizations can significantly increase the difficulty and cost for an attacker to succeed.

The Layers of Defense

  • Physical Security: Locks, cameras, and guards.
  • Network Security: Firewalls, IDS/IPS, and network segmentation.
  • Endpoint Security: Antivirus, EDR, and host-based firewalls.
  • Application Security: Secure coding, WAFs, and vulnerability scanning.
  • Data Security: Encryption, hashing, and DLP.
  • Identity and Access Management: MFA, RBAC, and strong password policies.
  • Administrative Controls: Policies, procedures, and security awareness training.

Importance

Defense in Depth (DiD) provides resilience against a wide range of threats, including zero-day exploits, insider threats, and human error, because a control at one layer can still detect or contain what a control at another layer missed.

Related Terms