Defence in depth is a cyber security strategy that stacks several layers of protection on top of one another to secure systems, networks and data.
It aims to slow down, detect and neutralise attacks even when one of the barriers is bypassed. Inspired by military tactics, it rests on the principle that no single security measure is infallible.
Objective
- Reduce risk by multiplying the obstacles an attacker has to overcome
- Limit the impact of an intrusion by isolating critical components
- Protect assets (data, infrastructure, users) at every level: network, application, physical, human
Tools and technologies
| Layer | Examples of tools |
|---|---|
| Network | Firewalls, network segmentation, intrusion detection and prevention systems (IDS/IPS) |
| Endpoint | Antivirus, EDR (Endpoint Detection and Response), access control |
| Authentication | MFA (Multi-Factor Authentication), identity management (IAM) |
| Data | Encryption (AES, TLS), secure backups, DLP (Data Loss Prevention) |
| Monitoring | SIEM (Security Information and Event Management), behavioural analysis (UEBA) |
| Human | Anti-phishing measures, clear security policies |
Examples
- Company: firewall + MFA + regular audits + offline backups.
- Hospital: network segmentation (separating medical devices from administrative workstations) + encryption of patient records.
- Bank: real-time anomaly detection (SIEM) + phishing simulations for employees.
Implementing defence in depth
- Inventory: identify critical assets (data, servers, users)
- Risk analysis: assess the threats (e.g. ransomware, human error)
- Layering:
  - Prevention: firewalls, antivirus, MFA
  - Detection: IDS/IPS, 24/7 monitoring
  - Response: incident recovery plan (PRA), isolation of compromised systems
- Regular tests: pentests, crisis simulations
- Raising awareness: ongoing training for employees (e.g. how to recognise a fraudulent e-mail)
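As an added illustration of the detection layer in the steps above (this script is not part of the original article), the following Python code runs a simple SIEM-style correlation over constructed authentication log lines: a burst of failed logins from one source is flagged, and a later successful login from that same source is flagged again even though the authentication layer let it through. The log format, the thresholds and the sample data are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): "<timestamp> <user> <src_ip> <result> <mfa>"
SAMPLE_LOG = """\
2024-05-01T08:00:01 alice 203.0.113.7 FAIL no
2024-05-01T08:00:03 alice 203.0.113.7 FAIL no
2024-05-01T08:00:05 alice 203.0.113.7 FAIL no
2024-05-01T08:00:08 alice 203.0.113.7 FAIL no
2024-05-01T08:00:11 alice 203.0.113.7 FAIL no
2024-05-01T08:00:15 alice 203.0.113.7 OK no
2024-05-01T08:05:00 bob 198.51.100.4 OK yes
2024-05-01T08:06:30 carol 192.0.2.9 FAIL no
2024-05-01T08:06:40 carol 192.0.2.9 OK yes
"""

FAIL_THRESHOLD = 5           # assumed: failures from one source that count as a burst
WINDOW = timedelta(minutes=2)  # assumed: sliding window for the burst

def parse(lines):
    """Turn the assumed whitespace-separated log format into event dicts."""
    events = []
    for line in lines.strip().splitlines():
        ts, user, ip, result, mfa = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "ip": ip, "ok": result == "OK", "mfa": mfa == "yes"})
    return events

def correlate(events):
    """Return a list of (rule, user, src_ip) alerts in log order."""
    alerts = []
    recent_fails = defaultdict(list)  # src_ip -> timestamps of recent failures
    for ev in events:
        fails = recent_fails[ev["ip"]]
        # Drop failures that have fallen out of the sliding window.
        fails[:] = [t for t in fails if ev["ts"] - t <= WINDOW]
        if not ev["ok"]:
            fails.append(ev["ts"])
            if len(fails) == FAIL_THRESHOLD:
                alerts.append(("brute_force", ev["user"], ev["ip"]))
        else:
            # A success right after a burst of failures: the prevention layer
            # (password check) passed, but the monitoring layer still reacts.
            if len(fails) >= FAIL_THRESHOLD:
                alerts.append(("success_after_burst", ev["user"], ev["ip"]))
            # A success without MFA shows a weaker authentication layer than policy.
            if not ev["mfa"]:
                alerts.append(("no_mfa", ev["user"], ev["ip"]))
    return alerts

if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOG)):
        print(*alert)
```

Running it prints three alerts for alice and none for bob or carol, whose single failure stays below the burst threshold and whose successful login used MFA.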
Why does it work?
- Reduces the attack surface: an attacker has to cross several barriers
- Complicates exfiltration: even after an intrusion, the data is encrypted or isolated
- Adaptability: emerging technologies (AI, Zero Trust) can be incorporated
⚠️ Limitation: management complexity (requires coordination between IT, legal and operational teams).