Defense In Depth
Overview
Defense In Depth. The principle is simple. Assume each layer of your security will be breached. Think about how to delay the attacker, how to increase their costs.
The more you can delay the attacker, the more you have a chance of observing and reacting before its too late.
The more you can shift cost from you (the defender) to the attacker, the more likely it is they will go elsewhere.
Fefense in depth means defending at each stage of a pipeline. From SAST through simple orthogonal security techniques like fail to ban to zero-trust techniques like splitting identity from authorisation.
Articles
A strong password breached. Multi-factor authentication saved the day. So many passwords to check. Why can each site not use OpenID Connect single identity?
An email security threat scanner, looking for phishiing links, itself becomes the attack vector, from within. Unsubscribed from pardot the beginning.
Content-Security-Policy protects our application, but challenging with external scripts like Google Tag Manager. We show in Angular Single Page Application.
Doppelganger domains are used to spear-phish you. They look similar to ones you use normally. See this new warning in Chrome.
Secure automatic software delivery without the risk of tampering. The Update Framework in action.
Document how you receive and treat security vulnerability reports with the security.txt standard
Fail to ban. Simple. Strong. Make the attackers wait, increase their cost while decreasing your cost of defending. Defense in Depth.
DNSSEC. It helps prevent someone from poisoning a DNS cache or creating a lying recursive. Its simple to enable.
The Agilicus Philosophy: The world we work in changes. Our requirements change. By continuously learning and adapting, we survive and thrive.