Defence in depth 🟢 Protection

Defence in depth is a cybersecurity strategy that consists of stacking several layers of protection to secure systems, networks and data.

It aims to slow down, detect and neutralise attacks even if one of the barriers is bypassed. Inspired by military tactics, it is based on the principle that no security measure is infallible.

 


🎯 Objective

 

  • Reduce risk by multiplying the obstacles an attacker must overcome
  • Limit the impact of an intrusion by isolating critical components
  • Protect assets (data, infrastructure, users) at all levels: network, application, physical, human

 


🔧 Tools and technologies

 

| Layer | Examples of tools |
|---|---|
| Network | Firewalls, network segmentation, intrusion detection and prevention systems (IDS/IPS) |
| Endpoint | Antivirus, EDR (Endpoint Detection and Response), access control |
| Authentication | MFA (Multi-Factor Authentication), identity management (IAM) |
| Data | Encryption (AES, TLS), secure backups, DLP (Data Loss Prevention) |
| Monitoring | SIEM (Security Information and Event Management), behavioural analysis (UEBA) |
| Human | Anti-phishing, clear security policies |

 


Examples

 

  1. Company: use of a firewall + MFA + regular audits + offline backups.
  2. Hospital: network segmentation (separation of medical equipment and admin workstations) + encryption of patient files.
  3. Bank: real-time anomaly detection (SIEM) + phishing simulations for employees.

 


Implementing defence in depth

 

  1. Inventory: identify critical assets (data, servers, users)
  2. Risk analysis: assess threats (e.g. ransomware, human error)
  3. Layering:
    • Prevention: firewalls, antivirus, MFA
    • Detection: IDS/IPS, 24/7 monitoring
    • Response: incident recovery plan (PRA), isolation of compromised systems
  4. Regular tests: pentests, crisis simulations
  5. Raising awareness: ongoing training for employees (e.g. how to recognise a fraudulent e-mail)
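
One way to check an inventory against steps 1 to 3 above, as an added example that is not part of the original glossary entry: it flags assets that lack a prevention, detection or response control or that rely on too few layers. The asset names, the function assigned to controls marked "assumed", and the two-layer minimum are assumptions of this example.

```python
# Added example; asset names and control assignments are constructed sample data.
FUNCTIONS = ("Prevention", "Detection", "Response")  # step 3 of the list above

# control -> (layer from the page's table, function). Functions marked
# "assumed" are this example's classification, not stated on the page.
CONTROLS = {
    "firewall": ("Network", "Prevention"),
    "segmentation": ("Network", "Prevention"),   # assumed
    "IDS/IPS": ("Network", "Detection"),
    "antivirus": ("Endpoint", "Prevention"),
    "EDR": ("Endpoint", "Detection"),            # assumed
    "MFA": ("Authentication", "Prevention"),
    "encryption": ("Data", "Prevention"),        # assumed
    "offline backup": ("Data", "Response"),      # assumed
    "SIEM": ("Monitoring", "Detection"),         # assumed
}


def audit(inventory, min_layers=2):
    """Return {asset: [findings]} for assets whose controls leave a gap."""
    findings = {}
    for asset, controls in inventory.items():
        unknown = sorted(c for c in controls if c not in CONTROLS)
        known = [CONTROLS[c] for c in controls if c in CONTROLS]
        layers = {layer for layer, _ in known}
        functions = {fn for _, fn in known}
        # Controls we cannot classify are reported, not silently counted.
        issues = [f"unclassified control: {c}" for c in unknown]
        issues += [f"no {fn.lower()} control" for fn in FUNCTIONS
                   if fn not in functions]
        if len(layers) < min_layers:  # min_layers is an assumed threshold
            names = ", ".join(sorted(layers)) or "none"
            issues.append(f"only {len(layers)} layer(s): {names}")
        if issues:
            findings[asset] = issues
    return findings


# Constructed inventory (step 1): asset -> controls currently deployed.
INVENTORY = {
    "patient-records-db": ["segmentation", "encryption", "MFA", "SIEM",
                           "offline backup"],
    "admin-workstations": ["antivirus", "firewall"],
    "legacy-file-server": ["firewall", "vpn"],
}

if __name__ == "__main__":
    for asset, issues in audit(INVENTORY).items():
        print(asset)
        for issue in issues:
            print("  -", issue)
```
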

 


Why does it work?

 

  • Reduces the attack surface: an attacker has to cross several barriers
  • Complicates exfiltration: even in the event of an intrusion, data is encrypted or isolated
  • Adaptability: can incorporate emerging technologies (AI, Zero Trust)

 

⚠️ Limitation: management complexity (requires coordination between IT, legal and operational teams).
