INSIGHT: How defence in depth can secure your keep

In how many ways can one of your network's hosts become compromised?

Spam, phishing attacks and infected attachments; malware-infected downloads; compromised websites hosting exploit code; USB thumb drives purpose-built to exploit unwitting users.

In how many ways can one of your network's hosts become compromised?

Well, according to independent security testing company The AV-TEST Institute, somewhere north of 300 million.

Let that number sink in for a moment...

Since 1984, when the institute's records start, it has registered over 300 million types of malware.

In the past year alone, that number grew by well over 100 million, showing on average 12 million new variations of malware each and every month. How can any one single solution keep up with the growing numbers of threats?

The strategy

Defence in depth is a security approach that places multiple layers of defence throughout an information system.

These layers can include technical and procedural controls, and rely on software, hardware and humans to be most effective.

Taking a defence-in-depth approach to your systems' security is the best way to defend against all those millions of potential threats.

This will provide you with redundancies and overlapping layers as well as help to minimise the chances of something getting through.

The seven layers

Just as castles included high walls, moats with drawbridges and portcullises, towers, barbicans, hoardings, murder holes and baileys, your network should have multiple defences as well.

Defence in depth means layering your defences rather than relying on any one solution. Here are the layers you should use.
