Ericka Chickowski Posted on 9/29/2014
Defense-in-depth is often poorly executed when architecture is not carefully considered.
As the security industry struggles with the precision and persistence of targeted attacks, the recommended best-practice talisman wielded by many an expert is the idea of "layered security" or "defense-in-depth." Generally, the practice is described as setting up multiple layers of protection similar to chain mail going underneath a suit of armor. If one piece of protection misses one threat, another will block it instead.
Unfortunately, even with many millions of dollars' worth of layers at play, defense-in-depth often doesn't work nearly that cleanly.
"Layered security is good. It gets security products into your machine, but it doesn't necessarily mean you're secure or any better off," says Rahul Kashyap, chief security architect at Bromium. "You have to look at it from an architectural point of view. For example, if every layer in your defense is using signatures, then you have the same architectural weaknesses, fundamentally."
DarkReading/ full article here/ https://community.webroot.com/t5/forums/postpage/board-id/news