top of page

Defense in Depth (DiD)

Cybersecurity is an essential aspect of any business or organization. Since no single measure is guaranteed to endure every attack, DiD combines several layers of security for greater efficiency. This layering approach was first conceived by the National Security Agency (NSA) and is inspired by a military tactic with the same name. In the military, layers of defense help buy time, but in IT, DiD is designed to prevent an incident altogether.

Essential elements of DiD

1. Firewalls - comprised of hardware or software that protects your network by filtering out unnecessary traffic and blocking unauthorized access to your data.

2. Intrusion prevention and detection systems- scan the network looking for anything out of place; if threatening activity is detected, stakeholders will be alerted and attacks blocked.

3. Endpoint detection and response (EDR) - constantly monitor endpoints to find suspicious or malicious behavior in real time.

4. Network segmentation - divides your business’s network into smaller units for easier monitoring of data traffic between segments and to safeguard them from one another.

5. The principle of least privilege (PoLP) - a cybersecurity concept in which a user is only granted the minimum levels of access/permissions essential to performing their task.

6. Strong passwords – follow best practices for strong password maintenance and add a layer of protection by using multifactor authentication (MFA).

7. Patch management - when a new patch is delivered, deploy it immediately to prevent exploitation of security gaps left unattended due to poor patch management.


Sydow, Inc. will help you divide DiD into three security control areas:

1. Administrative controls

All policies and procedures of a business fall under this category and are designed to ensure appropriate guidance is available and security policies are followed.

Examples include hiring practices or employee onboarding protocols, data processing and

management procedures, information security policies, vendor risk management and third-party risk management frameworks, information risk management strategies, and more.

2. Technical controls

Hardware or software intended to protect systems and resources including firewalls, configuration management, disk/data encryption, identity authentication (IAM), vulnerability scanners, patch management, virtual private networks (VPNs), intrusion detection systems (IDS), security awareness training, and more.

3. Physical controls

Anything that physically limits or prevents IT system access such as fences, keycards/badges, CCTV systems, locker rooms, and more.

Don’t worry if you are struggling with developing a DiD strategy for your organization. We’re here to make things as simple as possible. Contact Sydow, Inc. to start the process of making your organization more secure.

Free from Sydow Inc.

If you want to learn more about how DiD can help protect your business, download our free eBook “7 Elements of an Effective Defense in Depth (DiD) Security Strategy.”

46 views0 comments

Related Posts

See All


bottom of page