Contact Us Today 01642 716680

Defence in Depth

Definition: Defence in Depth is a strategic security methodology that layers multiple defensive mechanisms to protect information and prevent single points of failure in a system. The concept originates from military strategy and has been adapted to the context of cyber security to provide comprehensive protection.

The approach aims to slow down an attack’s progress and provide security personnel with sufficient time to detect and respond to threats. Defence in Depth encompasses a combination of physical, technical, and administrative controls, ranging from perimeter defences like firewalls, to internal network segmentations, antivirus software, intrusion detection systems, and user training and policies.

By implementing security at various levels within the IT infrastructure, organisations can ensure redundancy in their defensive mechanisms, making it much more difficult for attackers to compromise a system fully.

Key Characteristics:

  • Layered Security: Employs multiple layers of security controls and measures across an organisation’s systems and processes.
  • Prevention and Response: Aims to both prevent attacks and to establish effective response mechanisms in the event of a security breach.
  • Diverse Controls: Integrates a variety of control types, including physical, technical, and administrative.
  • Holistic Approach: Covers all aspects of security, from the perimeter to the endpoint, internal networks, data, applications, and people.


  • Real-World Example: A bank uses multiple security measures such as secure authentication, encrypted transactions, intrusion detection systems, strict access controls, and continuous monitoring to protect against cyber threats.
  • Hypothetical Scenario: An organisation implements Defence in Depth by securing the IT infrastructure through network firewalls, segregating internal networks, enforcing strong password policies, and regularly updating and patching all systems.

Related Terms:

  • Layered Security: Similar to Defence in Depth, it refers to using multiple, overlapping security measures to protect the integrity of information.
  • Security Perimeter: The boundary where an entity’s network interfaces with the rest of the cyberspace, often fortified as part of the Defence in Depth strategy.
  • Intrusion Detection System (IDS): A device or software application that monitors network or system activities for malicious activities or policy violations.

Related Services:

What is the OWASP Top 10: Download our flash cards to find out.

Inside you will find a description of the most common web vulnerabilities.

Contact us

Get a free, no obligation quote from one of our expert staff.