defense in depth

Defense in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise. The strategy is based on the military principle that it is more difficult for an enemy to defeat a complex and multi-layered defense system than to penetrate a single barrier.

Defense in depth minimizes the probability that the efforts of malicious hackers will succeed. A well-designed strategy of this kind can also help system administrators and security personnel identify people who attempt to compromise a computer, server, proprietary network or ISP (Internet service provider). If a hacker gains access to a system, defense in depth minimizes the adverse impact and gives administrators and engineers time to deploy new or updated countermeasures to prevent recurrence.

Components of defense in depth include antivirus software, firewalls, anti-spyware programs, hierarchical passwords, intrusion detection and biometric verification. In addition to electronic countermeasures, physical protection of business sites along with comprehensive and ongoing personnel training enhances the security of vital data against compromise, theft or destruction.

This was last updated in June 2007

Next Steps

Before building a defense in depth strategy for your organization, gain a better understanding of network security basics in this Buyer's Guide seeries feature.

Solid network security measures are essential to building a defense-in-depth strategy. In this buying guide series feature, learn best practices for buying the right network security products for your enterprise.

Continue Reading About defense in depth

Dig Deeper on Network security