Defense In Depth
Overview
Defense In Depth. The principle is simple. Assume each layer of your security will be breached. Think about how to delay the attacker, how to increase their costs.
The more you can delay the attacker, the more you have a chance of observing and reacting before its too late.
The more you can shift cost from you (the defender) to the attacker, the more likely it is they will go elsewhere.
Fefense in depth means defending at each stage of a pipeline. From SAST through simple orthogonal security techniques like fail to ban to zero-trust techniques like splitting identity from authorisation.
Articles
A criminal group takes over a nations energy via a VPN. Its time to treat the VPN as a risk, not a security solution. Zero Trust is better.
Zero Trust. The principle of limiting access to user resource pairs. It is part of a good defense in depth strategy. It is also a key defense to Zero Day.
These three simple steps will dramatically reduce your ransomware risk. Achievable, understandable, reasonable.
A strong password breached. Multi-factor authentication saved the day. So many passwords to check. Why can each site not use OpenID Connect single identity?
An email security threat scanner, looking for phishiing links, itself becomes the attack vector, from within. Unsubscribed from pardot the beginning.
Content-Security-Policy protects our application, but challenging with external scripts like Google Tag Manager. We show in Angular Single Page Application.
Doppelganger domains are used to spear-phish you. They look similar to ones you use normally. See this new warning in Chrome.
Secure automatic software delivery without the risk of tampering. The Update Framework in action.
Document how you receive and treat security vulnerability reports with the security.txt standard