Which security architecture strategy involves deploying multiple independent security controls across different layers of an environment so that, if one control is compromised, other controls still protect the system and limit the attacker's ability to escalate?
Defense in depth adds redundancy by placing overlapping security controls (technical, physical, and administrative) throughout the environment. If an attacker bypasses one mechanism, such as a firewall, other layers like IDS/IPS, strong authentication, network segmentation, and data encryption remain in force. This layered approach minimizes blast radius and eliminates single points of failure. In contrast, least privilege limits permissions, separation of duties divides critical tasks among roles, and Zero Trust continuously verifies users and devices but does not necessarily rely on overlapping controls at every layer.