Cybersecurity 101: What is Defense-in-Depth?

Defense-in-depth is the term that we use to describe a strategy of defense that assumes attackers will evade or bypass some of the security mechanisms put in place to stop them. Attackers are clever human beings, and when they encounter impediments to their work trying to break into a network, they sometimes find ways to get around those. That's why it's important not just to have one layer of protection or one layer of defenses protecting your sensitive data. It's important that if attackers get past, let's say, a password in order to log in remotely, that they don't then have free range to do anything they want on the network. Therefore, the defenses that you put in place should assume if an attacker is gotten past one point of defense, that there is something else to catch them. One of those pieces of defense-in-depth that's very important, is someone monitoring your logs to make sure that if an attacker does get through, anything that they do after that in terms of trying to gain access to other systems, elevate their privileges by getting an administrator account, or running unusual scripts or programs, gets detected by an analyst and responded to in a timely manner to keep that attacker from doing any more harm.

Видео Cybersecurity 101: What is Defense-in-Depth? канала Binary Defense