2023 OWASP API Security Top 10 Best Practices
After four long years since the original…
Defense in Depth (DiD) is a cybersecurity strategy that involves deploying multiple types of defensive layers. The underlying theory holds that digital assets will be better protected if a malicious actor has to penetrate more than one barrier to succeed in an attack. This article explores how DiD works.
The cybersecurity profession borrowed the concept of DiD from the military, which has historically created multiple physical perimeters around a target. A medieval castle, for example, had a moat, high stone walls, special windows designed for shooting arrows, and walkways atop the walls where defenders could pour boiling water on anyone climbing up the walls. The moat, the walls, the arrows—each was part of a defense-in-depth strategy. On their own, they might not work well, but collectively, they created a strong defensive barrier.
So it is in cybersecurity, give or take. An attack target, like a database, has a depth of defenses that include physical barriers against manipulation of hardware, network access controls, passwords, and threat detection systems. These are the equivalent of a military’s concentric perimeters. As a whole, these countermeasures create better security than they would on a standalone basis. That’s DiD.
There is no single, standardized way to implement DiD. It’s dynamic, changing as newer methods arise and workload requirements change. Different workloads and organizational security priorities will dictate how a security team will set up its DiD architecture. In general, though, DiD usually works through a combination of the following types of controls:
DiD takes shape as security managers apply the controls outlined above according to the dominant principles of cybersecurity. These are the core elements of DiD:
Some people describe DiD as “layered security,” but while each area of DiD protection might be referred to as a layer, the term ‘layered security’ means something different in cybersecurity circles. Layered security refers to deploying multiple security tools to address a single area of security. For example, a firewall and an intrusion prevention system (IPS) both block unwanted access, but they achieve this goal in different ways. Each is a layer of security that works against network penetration.
Integrated security is an approach to cybersecurity that relies on connecting multiple security tools to achieve more effective overall threat detection and response. An integrated security model could complement a layered security architecture, connecting different layers into a coherent stack.
For example, firewalls and antivirus software can be integrated with a security incident and event management (SIEM) solution. The SIEM ingests and analyzes data from the firewall and antivirus software to detect threats that neither tool saw on its own. The SIEM may also be integrated with incident response platforms, such as security automation, orchestration, and response (SOAR)—enabling better responses to attacks than are not possible with piecemeal or overly manual processes.
DiD, layered security, and integrated security should not be isolated security strategies. Rather, it is optimal if they are designed to work together. DiD may comprise a layered security architecture, with different layers integrated with one another for more powerful security capabilities overall. The underlying principles remain the same, no matter how the security architecture is set up: The more countermeasures standing between the target and the attacker, the more likely it will be that the attacker fails. That’s the enduring objective of defense in depth.
Experience the speed, scale, and security that only Noname can provide. You’ll never look at APIs the same way again.