Defence in depth is all about layers

Defence in depth – as malware gets worse there is strength in layers


If there’s one thing Canadians know, it is the value of layers. As cyber attacks continue to grow at an alarming rate, Canadian businesses looking for protection from ransomware and botnets can take inspiration from how they dress for the winter.

For larger organizations, IT security often involves an entire team dedicated to both physical and virtual security. For these types of security teams, having multiple layers of security is standard procedure; but what about smaller organizations? If you think having a multi-layered approach to security is out of your reach, let’s talk about defence in depth and the role of the DNS.

What is “defence in depth”?

The term defence in depth has its origins in the military, where layers of defence, each with different capabilities, protect each other and the core. A DNS firewall sits as a first layer of protection outside the organization and might be compared to air cover over a battlefield. It has a unique perspective, vital early threat detection capabilities, and can respond to a potential compromise before it even reaches your network.

Why do I need it?

With a massive upward trend in connected devices and the challenges raised by shadow IT, a defence in depth strategy is essential to any organization that relies on its network for business operations. As malware has become more profitable, hackers have adopted a more aggressive multi-vector strategy to compromise your network. The only way to combat this is to deploy multiple tools, often from more than one vendor, to ensure that each layer is sufficiently independent and secure. Because every vendor has a different approach to how they analyze and respond to threats, ensuring you aren’t relying on any one philosophy exclusively increases your chances of fending off attacks. No matter what type of analysis you run, different solutions have different efficacy.

Common attack vectors and their motivation (source: Nominum Data Science)

What layer is the best?

When defining failure, there should be a very low bar. The worst-case scenario for most cyber attacks is no longer just a loss of productivity or a short outage. While a system may be back up and running in short order, the long-term repercussions of what may now be lying dormant on your network is the real threat. This is why each layer of your defence in depth strategy has an important role to play.

In a zero-day situation, different vendors respond at different times, and how quickly the solution can be deployed in the wild also varies. Take a cloud-based firewall (our area of expertise). In this instance, the vendor can update the entire system at once, and this occurs without the involvement of local IT staff. However, this type of solution defends against specific types of malware and phishing attacks and, while fast, covers only part of the IT risk.

There is no "best" layer because together they all work to help mitigate the worst-case scenario - when everything appears fine, but horrors are lurking underneath.

Get the solution brief

Now that you have a basic understanding of why a defence in depth strategy is important, we invite you to download our short whitepaper. This report provides more detail on the defence in depth strategy with a focus on end-point security (i.e. protecting the user) and highlights some real-life scenarios and some metrics on different solutions and how they perform (registration required).
