Defence in depth is an approach to IA. It derives its inspiration from the military strategy with the same name. In this article, we explained what defence in depth involves and why it is useful for your organization.
Defence in depth (also referred as Castle Approach) is an approach to information assurance. The most prominent feature of this approach is its multiple layers of defence. The defence in depth concept involves setting numerous security controls throughout the systems of your organization. The aim of this AI approach is providing extra layers of protection. With this approach, security vulnerabilities across various elements of the system are addressed individually. In other words, all features of your organization are protected –including but not limited to: personnel, operations, and technology. Deemed as a ‘comprehensive approach’ by National Security Agency, defence in depth is designed to provide a strong protection against elaborate attacks that utilize more than one technique in order to penetrate through your security measures.
The idea behind defence in depth is a military tactic which mainly aims to delay enemy forces instead of stopping them altogether. In military world, this strategy is utilized to buy some time while waiting for the support. Within the framework of information assurance, defence in depth keeps the attackers busy long enough, so that your IT team can notice them.Additionaly, it might be benefical for you to check components of information security in order to understand take a closer look at information security.
What are the three areas of defence in depth?
Defence in depth can be split into three different areas also known as ‘controls.’ Below you can find detailed information regarding each of them.
As the name suggests, physical controls refer to almost anything that limits intruders to access to your IT systems physically. Fences, password protected doors, security guards, CCTV systems and such measures can be considered as physical controls.
Technical controls consist of various software and hardware designed and/or adopted for protecting your systems and networks. There are so many alternatives to technical controls. We can consider data encryption, password protection, fingerprint or retina readers and such as technical controls. Hardware technical controls can be confused with physical controls.
The difference between them is the fact that physical controls block the access to the systems themselves such as servers whereas hardware technical controls aim to hinder the access to information within the systems.
The purpose of administrative controls is making sure that the regulations are met and all the staff is informed about the security measures and their role within these measures. Administrative controls include policies, protocols and procedures. They can cover and/or govern the procedures regarding hiring new employees, data storage and such.
Why is defence in depth useful?
Having more than one layer of security makes your valuable data safer. If one or more of your defence mechanisms are breached, there are several more to slow down the attackers. Hindering the attackers means buying more time for your IT team to contain and stop the ongoing threat. Moreover, it is no secret that the hackers and cyber attackers develop more elaborate techniques to sneak into your systems. Often, they utilize more than more strategy in order to find their way in. Since more layers of defence require more strategies and/or tools, adopting defence in depth enhances the security posture of your organization significantly. AI supported security measures, SOAR and SIEM allows cyber security professionals to have holistic approach to cyber security.
What is vulnerability management? Why you need it? What components does an efficient vulnerability management tool have?
Alerts are one of the most important information sources for cyber security.