

Defense in depth is a cybersecurity strategy that layers a variety of security measures to safeguard an IT infrastructure. The purpose is to protect against a wide range of threats while building in redundancy, so that if one control fails or is bypassed by an exploit, the others still stand between the attacker and the asset.

Key Takeaways

  • Layered protection is key in defense in depth.
  • Components include antivirus, firewalls, intrusion prevention, network segmentation, patch management, passwords, privileged access management, and education.
  • Next-gen antivirus combines antivirus and firewall for better protection.
  • Cybersecurity education is crucial for staff awareness.

Defense-in-Depth Architecture

In cybersecurity, defense in depth is built on a layered architecture that is divided into two main categories.

These are the control layers (physical controls, technical controls, and administrative controls) and the security layers (data protection, access measures, system monitoring, endpoint protection, and network protection).

You can read a more in-depth article about the defense in depth layers here.

Building a Defense-in-Depth Cybersecurity Strategy

In this section, I will go over the main elements that go into the concept of DiD.

Antivirus Software

Antivirus software is the cornerstone of a holistic defense in depth cybersecurity strategy due to its ability to not only prevent but also detect and remove malware. While initially designed to combat computer viruses only (hence its name), nowadays an antivirus is a jack of all trades, defending users from Trojans, worms, spyware, adware, and other common examples of malicious code.

A firewall is another essential piece of a successful approach to defense in depth, and today it goes hand in hand with antivirus software. A firewall inspects both incoming and outgoing network traffic and allows or blocks it according to a predetermined set of rules; in a sound configuration, anything not explicitly permitted is denied.

You might be wondering why I chose to mention both these elements under one section. The reason is simple: today’s next-generation antivirus (NGAV) software, such as our Heimdal® Next-Gen Antivirus, Firewall and MDM, usually integrates both. Using an NGAV eliminates the need for separate modules of traditional antivirus and firewall, combining the benefits of the two and more under one convenient roof for better endpoint protection.

Intrusion Prevention System

An intrusion prevention system (IPS) is a security component that monitors network traffic, detecting and blocking malicious activity. It typically sits directly behind the firewall and adds a layer that catches threats the initial barrier let through: a firewall decides on addresses, ports and protocols, whereas an IPS looks at what the allowed traffic actually contains.

As opposed to a simple intrusion detection system (IDS), the IPS does more than set off alarms when threats are spotted. It can also block traffic from the source, reset the connection, and drop the malicious packets. For this reason, it is also known as an intrusion detection and prevention system (IDPS). The trade-off is that a false positive in an IPS blocks legitimate traffic, so signatures are usually tuned in detection-only mode before enforcement is switched on.
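To make the division of labour between the firewall and the IPS concrete, here is an added example (not code from the article or from Heimdal’s products) that runs constructed packets through a first-match firewall with a default deny and then through an inspection stage that can run in IDS mode (alert only) or IPS mode (drop the packet and block the source afterwards). The addresses, rules and the two byte-pattern signatures are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample packet (not a real capture): addresses, port, protocol, payload.
@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    payload: bytes = b""

@dataclass
class Rule:
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None    # None matches any port
    proto: Optional[str] = None    # None matches any protocol

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.proto is None or self.proto == p.proto))

class Firewall:
    """First-match rule list with an implicit default deny: the firewall only
    looks at addresses, ports and protocols, never at the payload."""
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"

# Hypothetical signatures: byte patterns the inspection stage looks for in payloads.
SIGNATURES = {
    "sqli-union-select": b"UNION SELECT",
    "shell-metachar":    b";/bin/sh",
}

class IPS:
    """Inspects traffic the firewall allowed. In 'ids' mode it only records an
    alert and lets the packet pass; in 'ips' mode it drops the packet and blocks
    the source for everything that follows."""
    def __init__(self, mode: str = "ips"):
        self.mode = mode
        self.alerts = []
        self.blocked_sources = set()

    def inspect(self, p: Packet) -> str:
        if p.src in self.blocked_sources:
            return "drop"
        for name, pattern in SIGNATURES.items():
            if pattern in p.payload:
                self.alerts.append((p.src, name))
                if self.mode == "ips":
                    self.blocked_sources.add(p.src)
                    return "drop"
                return "alert"          # IDS mode: log it, but let it through
        return "pass"

def process(fw: Firewall, ips: IPS, packets) -> list:
    """Firewall first, then inspection of whatever was allowed; one verdict per packet."""
    verdicts = []
    for p in packets:
        if fw.decide(p) != "allow":
            verdicts.append("fw-deny")
        else:
            verdicts.append("ips-" + ips.inspect(p))
    return verdicts

def demo() -> list:
    fw = Firewall([
        Rule("allow", dst="10.0.0.10/32", dport=443),                       # public web server
        Rule("allow", src="10.0.1.0/24", dst="10.0.0.10/32", dport=22),    # SSH only from admin subnet
    ])
    ips = IPS(mode="ips")
    packets = [  # constructed traffic from one external client
        Packet("203.0.113.5", "10.0.0.10", 443, payload=b"GET / HTTP/1.1"),
        Packet("203.0.113.5", "10.0.0.10", 443, payload=b"GET /?id=1 UNION SELECT 1,2"),
        Packet("203.0.113.5", "10.0.0.10", 443, payload=b"GET / HTTP/1.1"),  # source is now blocked
        Packet("203.0.113.5", "10.0.0.10", 22),                              # not from the admin subnet
    ]
    return process(fw, ips, packets)

if __name__ == "__main__":
    print(demo())
```

The firewall lets the first three packets through because they hit port 443, and it is the inspection stage that drops the second one and everything from that source afterwards; the fourth packet never reaches inspection because the firewall rule for port 22 only admits the admin subnet. Switching the same traffic to `IPS(mode="ids")` produces an alert for the second packet but passes all three.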

A practical example of how this works is our Heimdal DNS Security – Network cybersecurity solution, specifically the Network module. Heimdal™ Threat Prevention filters online network perimeter traffic at the level of the DNS, preventing, detecting, and responding to incoming cyber-threats promptly.

What is more, the module keeps a history of traffic to destinations that were unknown at the time and only later became identified threats, which helps uncover attacks that would otherwise have gone unnoticed. In addition to this, our solution keeps the network perimeter safe when employees bring in their personal devices as permitted by the office BYOD policy.

Network Segmentation

While we’re on the topic of the online network perimeter, another element of defense in depth strategy to consider integrating is network segmentation. The term refers to an IT practice that involves splitting a large network into multiple subnetworks that are focused on various business needs. For example, your company can have a network for human resources, one for the finance department, one for C-level execs, and so on.

Network segmentation can be implemented through either physical or logical methods. In the case of the former, separate hardware carries each subnetwork and a firewall acts as the gateway between them, controlling incoming and outgoing traffic. The latter relies on network addressing schemes or virtual local area networks (VLANs) configured on shared switches. Logical segmentation is cheaper and more flexible, but it is only as strong as the switch and firewall configuration that enforces it, so the rules that allow traffic between segments need to be reviewed as carefully as the segments themselves. Whichever method you choose, the default between segments should be deny, with only the specific flows a business need justifies opened up.
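The following is an added example (not code from the article) of the policy side of segmentation: it models the department networks mentioned above as address ranges, encodes which cross-segment flows are permitted, and audits a list of firewall-style rules for ones that would let traffic cross segments the policy does not allow. The address ranges, segment names and permitted ports are hypothetical.

```python
import ipaddress

# Constructed segments (hypothetical addressing): one subnet per department plus
# a shared services segment that hosts the servers everyone needs.
SEGMENTS = {
    "hr":       ipaddress.ip_network("10.10.0.0/24"),
    "finance":  ipaddress.ip_network("10.20.0.0/24"),
    "exec":     ipaddress.ip_network("10.30.0.0/24"),
    "services": ipaddress.ip_network("10.100.0.0/24"),
}

# Permitted cross-segment flows: (src_segment, dst_segment) -> allowed TCP ports.
# Anything not listed is denied; traffic that stays inside one segment is allowed.
ALLOWED = {
    ("hr", "services"):      {443},
    ("finance", "services"): {443, 1433},   # finance also reaches the database
    ("exec", "services"):    {443},
}

def segment_of(ip: str):
    """Name of the segment an address belongs to, or None if it is in no segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def is_flow_allowed(src_ip: str, dst_ip: str, dport: int) -> bool:
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:       # unknown addresses get nothing
        return False
    if src == dst:                       # intra-segment traffic
        return True
    return dport in ALLOWED.get((src, dst), set())

def audit_rules(rules):
    """Given firewall rules as (src_cidr, dst_cidr, dport), return every
    (rule, src_segment, dst_segment) pairing where the rule admits a flow
    between two different segments that the policy does not permit.
    Overlap checks catch broad rules such as 10.0.0.0/8 -> 10.0.0.0/8."""
    violations = []
    for src_cidr, dst_cidr, dport in rules:
        src_net = ipaddress.ip_network(src_cidr)
        dst_net = ipaddress.ip_network(dst_cidr)
        for a, anet in SEGMENTS.items():
            if not src_net.overlaps(anet):
                continue
            for b, bnet in SEGMENTS.items():
                if a == b or not dst_net.overlaps(bnet):
                    continue
                if dport not in ALLOWED.get((a, b), set()):
                    violations.append(((src_cidr, dst_cidr, dport), a, b))
    return violations

if __name__ == "__main__":
    print(is_flow_allowed("10.10.0.5", "10.100.0.7", 443))   # HR to the web service
    print(is_flow_allowed("10.10.0.5", "10.20.0.9", 445))    # HR straight into finance
    for v in audit_rules([("10.0.0.0/8", "10.0.0.0/8", 445)]):
        print("violation:", v)
```

The audit deliberately reasons about overlap rather than exact matches, because the rules that quietly undo segmentation are usually the broad ones written for convenience (an "any-to-any inside 10/8" rule, for example) rather than rules that name a forbidden segment explicitly.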

Patch Management

Patch management is a process that first involves scanning devices to identify missing software updates and known vulnerabilities. The procedure continues by applying those updates to applications or the operating system of the machine as soon as practical after the vendor releases them, prioritised by the severity of what they fix and ideally after a short test on a pilot group, so that a faulty patch does not take down the whole fleet.
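As an added example (not code from the article or from Heimdal’s patching product), the block below performs the first step of that process offline: it compares a constructed software inventory against constructed vendor advisories, flags every installed version older than the fixed one, and works out how far each finding is past a hypothetical severity-based patching deadline. Host names, product names, versions, dates and the SLA table are all invented for the illustration.

```python
import re
from datetime import date

def parse_version(v: str) -> tuple:
    """Turn '1.2.10' (or 'v1.2.10') into a tuple of ints so that 1.2.10 > 1.2.9,
    which a plain string comparison would get wrong."""
    return tuple(int(x) for x in re.findall(r"\d+", v))

# Constructed inventory: installed software per host (hypothetical data).
INVENTORY = {
    "ws-finance-01": {"AcmeReader": "11.0.3", "ZipTool": "3.2.1"},
    "ws-hr-07":      {"AcmeReader": "11.1.0", "ZipTool": "3.2.1"},
}

# Constructed vendor advisories: first fixed version, release date, severity.
ADVISORIES = {
    "AcmeReader": {"fixed": "11.1.0", "released": date(2024, 3, 5),  "severity": "critical"},
    "ZipTool":    {"fixed": "3.3.0",  "released": date(2024, 2, 20), "severity": "high"},
}

# Hypothetical SLA: days allowed between vendor release and installation.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 60, "low": 90}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def missing_patches(inventory, advisories, today: date) -> list:
    """Return (host, app, installed, fixed, severity, days_overdue) for every
    installed version below the fixed one. days_overdue > 0 means the SLA is
    already breached; the list is sorted worst first."""
    findings = []
    for host, apps in inventory.items():
        for app, installed in apps.items():
            adv = advisories.get(app)
            if adv is None:
                continue                     # no advisory for this product
            if parse_version(installed) < parse_version(adv["fixed"]):
                age = (today - adv["released"]).days
                overdue = age - SLA_DAYS[adv["severity"]]
                findings.append((host, app, installed, adv["fixed"], adv["severity"], overdue))
    findings.sort(key=lambda f: (-f[5], SEVERITY_ORDER[f[4]]))
    return findings

if __name__ == "__main__":
    for f in missing_patches(INVENTORY, ADVISORIES, date(2024, 3, 20)):
        host, app, installed, fixed, sev, overdue = f
        state = f"{overdue} days past SLA" if overdue > 0 else f"{-overdue} days left"
        print(f"{host}: {app} {installed} -> {fixed} [{sev}] {state}")
```

Two details are worth copying into a real scanner: version strings must be compared numerically component by component, and findings should be ranked by how far past the deadline they are rather than by the order the inventory happened to list them.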

Outdated applications represent a huge liability for your enterprise.

To ensure that all security gaps are closed on time, I recommend streamlining the process with an automatic software updater such as Heimdal® Patch & Asset Management.

Password Security

When it comes to the concept of password security, there are four main aspects that you should consider:

  • password strength,
  • multi-factor authentication,
  • password hashing,
  • and a password manager.

But let’s take them one at a time. Password strength determines how hard a password is to guess and how well it holds up against a brute-force attack. Length matters most: a long passphrase resists guessing better than a short password padded with symbols, although mixing uppercase and lowercase letters, numbers, and symbols still helps. Strong passwords are not tied to easily identifiable information about the user, do not appear in lists of previously breached passwords, are not reused across services, are not shared, and are not subject to other common password mistakes.

Multi-factor authentication is a verification method that lets a user log in to an account only after presenting two or more independent pieces of evidence. Popular factors include device confirmation, one-time codes from an authenticator app, PIN codes, or biometric data such as facial recognition or fingerprint scanning. As for password hashing, it is not encryption: a hash is a one-way transformation, so there is no key that turns the stored value back into the password. A login system stores only a salted hash and verifies a password by recomputing it, which is why a leaked database does not directly expose credentials, provided a slow, salted algorithm designed for passwords is used rather than a plain fast hash.
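The two mechanisms just described, as an added example that is not code from the article: a salted, iterated one-way password hash with a constant-time check, and a time-based one-time code of the kind an authenticator app produces (TOTP, RFC 6238), combined into a login check that evaluates both factors. The test secret and the passphrase are constructed for the illustration; PBKDF2 is used here because it ships with Python, and the iteration count is a chosen parameter, not a standard.

```python
import base64
import hashlib
import hmac
import os
import struct
import time

# --- Password hashing: salted and iterated, and one-way. Verification does not
# "decrypt" anything; it recomputes the hash and compares.
def hash_password(password: str, iterations: int = 600_000) -> str:
    salt = os.urandom(16)                      # per-password salt defeats rainbow tables
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    # constant-time comparison: timing must not reveal how many bytes matched
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

# --- Second factor: TOTP (RFC 6238) over HMAC-SHA1, the default of most authenticator apps.
def totp(secret: bytes, for_time: float, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", int(for_time) // step)   # time step as 8-byte big-endian
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def verify_totp(secret: bytes, code: str, for_time: float, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side to tolerate clock drift."""
    return any(hmac.compare_digest(totp(secret, for_time + k * 30), code)
               for k in range(-window, window + 1))

def login(password: str, code: str, stored_hash: str, secret: bytes, now=None) -> bool:
    """Both factors must pass. Both are evaluated even if the first fails, so a
    wrong password cannot be told apart from a wrong code by response time."""
    now = time.time() if now is None else now
    ok_pw = verify_password(password, stored_hash)
    ok_otp = verify_totp(secret, code, now)
    return ok_pw and ok_otp

if __name__ == "__main__":
    # Constructed demo secret (the RFC 6238 test key "12345678901234567890" in base32).
    secret = base64.b32decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(login("correct horse battery staple", totp(secret, time.time()), stored, secret))
```

The stored string carries the algorithm, iteration count and salt alongside the hash, so the cost can be raised later without invalidating existing records; the TOTP verifier compares every candidate with a constant-time function for the same reason the password check does.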

Finally, in terms of password managers, everyone knows LastPass is an enterprise favorite. However, there are other options available online as well, and one of them might suit your organization better. My colleague Vladimir wrote an excellent in-depth article on the four best password managers out there, so make sure to give that a read for a detailed review of each one.

Privileged Access Management

Let’s first consider the principle of least privilege (POLP). An essential cybersecurity concept, it entails granting a user the minimum access rights that are necessary for them to pursue their daily activities. POLP is the foundation on which privileged access management (PAM) operates.

PAM is an information security defense strategy that relies on inventorying and monitoring the privileged accounts on a network, granting administrative rights only for the task and the time they are needed, and preventing the abuse of those rights. It can be quite a time- and resource-consuming affair, which is why tools such as our Privilege Elevation and Delegation Management (PEDM) solution will make your network admin’s life a lot easier.
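Here is an added example (not code from the article or from Heimdal’s PEDM product) of the least-privilege rule applied to elevation: nobody holds standing admin rights, a specific privilege is requested for a bounded time, someone other than the requester must approve it, expired grants stop working on their own, and every decision is logged. The user names, privilege strings and timings are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Grant:
    user: str
    privilege: str          # e.g. "local-admin:ws-finance-01", deliberately narrow
    expires: datetime
    approved_by: str

class PrivilegeBroker:
    """Just-in-time elevation: rights exist only as short-lived, approved grants."""
    def __init__(self, approvers):
        self.approvers = set(approvers)
        self.grants = []
        self.audit = []     # (time, event, user, privilege, approver)

    def request_elevation(self, user, privilege, approver, now, minutes=30) -> bool:
        # separation of duties: an approver must be authorised and must not be the requester
        if approver not in self.approvers or approver == user:
            self.audit.append((now, "denied", user, privilege, approver))
            return False
        self.grants.append(Grant(user, privilege, now + timedelta(minutes=minutes), approver))
        self.audit.append((now, "granted", user, privilege, approver))
        return True

    def is_allowed(self, user, privilege, now) -> bool:
        # drop expired grants first so rights never linger past their window
        self.grants = [g for g in self.grants if g.expires > now]
        ok = any(g.user == user and g.privilege == privilege for g in self.grants)
        self.audit.append((now, "used" if ok else "refused", user, privilege, None))
        return ok

    def active_grants(self, now) -> list:
        return [(g.user, g.privilege) for g in self.grants if g.expires > now]

if __name__ == "__main__":
    broker = PrivilegeBroker(approvers={"alice"})
    t0 = datetime(2024, 1, 1, 9, 0)
    broker.request_elevation("bob", "local-admin:ws-finance-01", "alice", t0, minutes=30)
    print(broker.is_allowed("bob", "local-admin:ws-finance-01", t0 + timedelta(minutes=10)))  # within window
    print(broker.is_allowed("bob", "local-admin:ws-finance-01", t0 + timedelta(minutes=31)))  # expired
    print(broker.is_allowed("bob", "domain-admin", t0 + timedelta(minutes=1)))                # never granted
    for entry in broker.audit:
        print(entry)
```

The privilege string is intentionally scoped to one role on one host: a grant for local admin on a finance workstation says nothing about domain admin, which is the difference between elevation and simply handing out an administrator account.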

Cybersecurity Education

The final aspect of a complete defense in depth cybersecurity strategy is cybersecurity education in the form of Internet Security Awareness Training (ISAT). This is recommended in any enterprise setting, regardless of whether the company is large, medium, or small. It should consist of three main topics:

  • how to protect sensitive company data,
  • how to recognize common cyber-threats,
  • and what the consequences of an attack are.

By doing so, you add a layer of security at the employee level. Human error remains a leading cause of breaches, which is why well-informed members of staff can help you prevent critical situations.

Wrapping Up…

Defense in depth cybersecurity entails multiple elements, and a minimum of two independent layers is required for the strategy to deserve the name. Antivirus software, firewall, intrusion prevention systems, network segmentation, patch management, password security, privileged access management, and cybersecurity education are all part of a successful approach to your corporate security.

All the Heimdal cybersecurity solutions are built on a modular and layered structure as part of a comprehensive, modern defense-in-depth strategy.


Alina Georgiana Petcu

Product Marketing Manager


Alina Georgiana Petcu is a Product Marketing Manager within Heimdal™ Security and her main interest lies in institutional cybersecurity. In her spare time, Alina is also an avid malware historian who loves nothing more than to untangle the intricate narratives behind the world's most infamous cyberattacks.
