Defense in depth—or layered security—is an IT data protection and security strategy using hardware, software, people, and processes to mitigate threats such as ransomware and disasters.
It inherently incorporates redundancy, enabling organizations to prevent any single point of digital failure. According to the U.S. National Institute of Standards and Technology (NIST), defense-in-depth security establishes “variable barriers across multiple layers and dimensions of the organization,” ensuring that attacks or disturbances missed by one layer are caught by another. Because no single technology, person, or team can protect an organization and its data from every threat or human error it may face, it is now incumbent upon leaders to invest in layered security so their organizations can maintain cyber resilience.
Layered security works by putting multiple security measures between an attacker or threat and an organization’s computing systems and data assets.
Picture seven individual security layers deployed in concentric circles around an organization’s data, each layer offering a strong, yet distinct, defensive blockade. The goal of each layer is to limit what a disruptive event or attacker can accomplish, even after gaining access to that layer.
Layered security defense is often compared to a medieval castle because anyone wanting to penetrate the castle had to get past multiple safeguards: the moat, ramparts, drawbridge, high towers, and archers.
Layered security is necessary for multiple reasons. First, a growing number of employees are accessing their organization’s network and data from a variety of locations as part of a remote or connected workforce. As a result, many more conduits are available for non-authorized and non-essential parties to access an organization’s sensitive data. In addition, cyber threats such as ransomware continue to evolve. Not long ago, cybercriminals would delete an organization’s backup data and encrypt the production data. They then held organizations hostage in a sense, refusing to release the data until a ransom was paid.
In the latest version of ransomware, cybercriminals deploy a double-extortion scheme, encrypting an organization’s production and backup data while simultaneously stealing its confidential data. They then threaten to publish this data on the dark web unless the organization pays a ransom.
Simply put, if one security barrier fails to block a disruption or security breach, another layer of security is available to block it. This type of redundancy means organizations can compensate for any weaknesses in one security control or method. It also means enterprises are better protected against many disruptions and threats.
Organizations adding defense-in-depth capabilities can boost business outcomes, including the following:
Organizations implementing defense-in-depth strategies will want to put specific protections in place at each of the seven security layers. The exact controls vary by organization, depending on business needs and compliance requirements.
Layer 1: Human — The best protection at this layer is for organizations to cultivate a culture in which employees know what they can and should do to practice and enforce strict cybersecurity. Policies, procedures, and security awareness training about storing and accessing data are essential at this layer. These are commonly bolstered by security measures such as administrative controls, role-based access controls (RBAC), single sign-on (SSO), and multifactor authentication (MFA).
Layer 2: Physical — At this layer, teams add protection against unauthorized physical access to assets such as buildings, manufacturing plants, and data centers. These protections may include security guards, biometrics, fire suppression, and more.
Layer 3: Perimeter — Organizations seeking to better safeguard against unauthorized digital access at the vulnerable perimeter often add a next-generation firewall, conduct vulnerability and penetration testing, add denial-of-service prevention solutions, and more.
Layer 4: Internal network security — At this layer, security teams bolster the protection of the organization’s internal network infrastructure by adding encryption for data in transit, outbound web filtering, four-eyes (two-person) approval for root-level system changes, micro-segmentation, and more.
Layer 5: Host — At the host layer, organizations rely on the platform operating system and workload protections such as automated patching and endpoint antivirus and malware detection.
Layer 6: Applications — At this sensitive layer, organizations add even more granular security, including artificial intelligence- and machine learning-powered (AI/ML) anomaly detection, the principle of least privilege, data encryption and key management, as well as application logging.
Layer 7: Data — Organizations protect their most important asset in the digital era—their data—by adding AI-powered detection, strong security access controls, encryption of data at rest, and by separating the data layer from the rest of the infrastructure.
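The controls named across the layers above (MFA at the human layer, RBAC and least privilege, encrypted transport, and four-eyes approval for root-level changes) share one property: each is an independent check, and a request is allowed only when every check passes. The following Python program is an added illustration of that fail-closed, layered evaluation; it is not Cohesity code or part of this page, and the role-to-action policy, user names, and request fields are constructed for the example.

```python
"""Layered (defense-in-depth) access check: every layer is an independent,
fail-closed predicate, and access is granted only when all of them pass.
Constructed example; the policy and names below are hypothetical."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    action: str                 # "read", "write" or "root-change"
    mfa_verified: bool          # Layer 1: did the person complete MFA?
    encrypted_transport: bool   # Layer 4: did the request arrive over TLS?
    approvers: frozenset = frozenset()  # second-person sign-off for root changes


# Hypothetical role-based policy (least privilege: each role gets only what it needs)
ROLE_PERMISSIONS = {
    "analyst": frozenset({"read"}),
    "operator": frozenset({"read", "write"}),
    "admin": frozenset({"read", "write", "root-change"}),
}


def human_layer(req: AccessRequest) -> bool:
    """Layer 1 (human): the requester must have passed multifactor authentication."""
    return req.mfa_verified


def network_layer(req: AccessRequest) -> bool:
    """Layer 4 (internal network): data in transit must be encrypted."""
    return req.encrypted_transport


def rbac_layer(req: AccessRequest) -> bool:
    """Layers 1/6 (RBAC, least privilege): the role must permit the action.
    Unknown roles get an empty permission set, so they are denied by default."""
    return req.action in ROLE_PERMISSIONS.get(req.role, frozenset())


def four_eyes_layer(req: AccessRequest) -> bool:
    """Layer 4 (four-eyes): a root-level change needs approval from a second,
    different person. Self-approval is explicitly rejected."""
    if req.action != "root-change":
        return True
    return bool(req.approvers - {req.user})


# Order matters only for reporting; every layer is evaluated regardless.
LAYERS = [
    ("human/MFA", human_layer),
    ("network/TLS", network_layer),
    ("rbac", rbac_layer),
    ("four-eyes", four_eyes_layer),
]


def evaluate(req: AccessRequest) -> tuple[bool, list[str]]:
    """Run every layer and return (allowed, names_of_failed_layers).

    All failing layers are reported rather than stopping at the first one, so a
    detection team sees the complete picture (e.g. an MFA bypass attempt that
    was also outside the user's role)."""
    failed = [name for name, check in LAYERS if not check(req)]
    return (not failed, failed)


def audit_line(req: AccessRequest, failed: list[str]) -> str:
    """One log line per decision, suitable for forwarding to a SIEM."""
    outcome = "DENY" if failed else "ALLOW"
    return (f"{outcome} user={req.user} role={req.role} action={req.action} "
            f"failed_layers={','.join(failed) or '-'}")


if __name__ == "__main__":
    # Constructed sample requests exercising each layer.
    samples = [
        AccessRequest("alice", "admin", "root-change", True, True, frozenset({"bob"})),
        AccessRequest("alice", "admin", "root-change", True, True, frozenset({"alice"})),
        AccessRequest("carol", "operator", "root-change", True, True),
        AccessRequest("dave", "analyst", "read", False, True),
        AccessRequest("dave", "analyst", "read", True, False),
    ]
    for req in samples:
        allowed, failed = evaluate(req)
        print(audit_line(req, failed))
```

The point the example makes is structural rather than cryptographic: a valid MFA session does not help a request that exceeds its role, and an administrator's role does not exempt a root-level change from a second person's approval. Removing any one layer leaves the others intact, which is exactly the redundancy the strategy relies on.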
A defense-in-depth strategy inherently incorporates redundancy, enabling organizations to prevent any single point of failure in their digital environment. Layered security, in addition to automation and AI/ML, also helps identify anomalies before they negatively impact user experiences. By layering in a series of defensive mechanisms, organizations enhance the security of their overall systems, applications, networks, and infrastructures—and increase the chances of protecting valuable data from unauthorized access. With a defense-in-depth strategy, businesses also reduce the likelihood of paying ransom, losing revenue, undermining customer loyalty, and compromising brand trust.
As ransomware attacks become more sophisticated and intrusive, the amount of ransom demanded and overall costs associated with them are increasing significantly. As a result, more organizations are adopting Zero Trust data security strategies. This approach only grants access to an organization’s users, assets, and resources once the identity and authenticity of that person, system, network, or service can be validated.
While Zero Trust data security is important, a multilayered, defense-in-depth strategy going beyond it is also required to protect data in today’s dynamic, digital business world. Cohesity empowers organizations to safeguard their data in line with a defense-in-depth strategy.
By incorporating four key pillars, the Cohesity Threat Defense architecture keeps organizations ahead of cybercriminals and threats and helps prevent disruption due to unexpected events.
Cohesity’s multilayered data security architecture enables a defense-in-depth security strategy for any organization looking to boost cyber resilience.