There is no single solution that can safeguard an organization from all types of cyber attacks. Instead, multiple layers of security measures are needed to provide comprehensive protection, such as perimeter security, endpoint protection, and network monitoring for anomalies. This approach of implementing several independent security layers to defend an organization against cyber threats is known as defense in depth.
Why defense in depth?
By layering and even duplicating security controls, organizations significantly reduce the likelihood of a breach. It is widely acknowledged that a single security measure, such as a firewall, is insufficient to protect against the increasingly sophisticated attacks by today's cyber criminals.
For instance, if an attacker manages to penetrate an organization's network, a defense-in-depth approach gives administrators time to detect the intrusion and implement countermeasures. Antivirus software and firewalls should work together to block further unauthorized access, safeguarding the organization's applications and data.
Although redundancy in security might initially appear unnecessary, a defense-in-depth strategy is what keeps protection in place: if one security measure fails, another is ready to step in, maintaining the security integrity of the organization.
Let us look at the different defense-in-depth mechanisms used in an OT network:

| Layer | Mechanisms |
| --- | --- |
| Physical security | Access controls and barriers; physical security; field electronics locked down |
| OT network architecture | Common architectural zones; Industrial Demilitarized Zones (IDMZ); virtual LANs |
| Perimeter security | Firewalls; remote access solutions; jump servers/hosts |
| Host security | Patch and vulnerability management; endpoint protection (antivirus/EDR); field devices |
| Security monitoring | Intrusion Detection Systems (IDS); Security Information and Event Management (SIEM); security audit logging |
| Vendor management | Managed services/outsourcing; supply chain management; cloud services |
| Human element | Policies; procedures; training and awareness |
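The "OT network architecture" and "Perimeter security" rows above describe zones, an IDMZ and jump hosts, but do not show how those layers combine. The following is an added example (not part of the original article) that models a simplified Purdue-style layout: an enterprise zone, an industrial DMZ, and a control zone. Traffic between zones is allowed only through explicitly listed conduits, so the architecture layer (zones and default deny) and the perimeter layer (a jump host in the DMZ) back each other up. The zone names, ports and conduits are constructed assumptions for illustration, not a real site's policy.

```python
"""Toy zone-to-zone policy evaluator for an OT network (constructed example).

Zones follow a simplified Purdue-style layout:
    enterprise  ->  idmz  ->  control
Inter-zone traffic is denied unless an explicit conduit allows it, and the
policy itself is checked so that no conduit ever bypasses the IDMZ.
"""
from dataclasses import dataclass

ZONES = ("enterprise", "idmz", "control")  # constructed zone names

@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    dst_port: int
    proto: str = "tcp"

# Explicit conduits (src_zone, dst_zone, proto, dst_port). All values are
# assumptions chosen for this example: remote users reach a jump host in the
# IDMZ, and only the jump host may reach the control zone.
ALLOWED_CONDUITS = frozenset({
    ("enterprise", "idmz", "tcp", 3389),   # RDP to the IDMZ jump host
    ("idmz", "control", "tcp", 3389),      # jump host to engineering workstation
    ("control", "idmz", "tcp", 443),       # historian pushes data to the IDMZ replica
    ("idmz", "enterprise", "tcp", 443),    # IDMZ replica serves enterprise users
})

def evaluate(flow: Flow, conduits=ALLOWED_CONDUITS):
    """Return ('allow' | 'deny', reason). Anything not explicitly allowed is denied."""
    if flow.src_zone not in ZONES or flow.dst_zone not in ZONES:
        return "deny", "unknown zone"
    if flow.src_zone == flow.dst_zone:
        return "allow", "intra-zone traffic (subject to VLAN/host controls)"
    key = (flow.src_zone, flow.dst_zone, flow.proto, flow.dst_port)
    if key in conduits:
        return "allow", "explicit conduit"
    return "deny", "no conduit (default deny)"

def validate_policy(conduits=ALLOWED_CONDUITS):
    """Architectural check: no conduit may connect enterprise and control directly.

    Returns the list of offending conduits (empty means the policy respects the IDMZ).
    """
    bad = []
    for src, dst, proto, port in conduits:
        if {src, dst} == {"enterprise", "control"}:
            bad.append((src, dst, proto, port))
    return bad

def audit(flows, conduits=ALLOWED_CONDUITS):
    """Evaluate a batch of observed flows and return those that were denied."""
    return [f for f in flows if evaluate(f, conduits)[0] == "deny"]

if __name__ == "__main__":
    # Constructed sample of observed flows, e.g. from firewall or IDS logs.
    observed = [
        Flow("enterprise", "idmz", 3389),     # user to jump host: allowed
        Flow("idmz", "control", 3389),        # jump host onward: allowed
        Flow("enterprise", "control", 3389),  # direct attempt bypassing IDMZ: denied
        Flow("control", "enterprise", 443),   # control zone talking outward: denied
    ]
    print("policy violations:", validate_policy())
    for f in audit(observed):
        print("DENIED", f, evaluate(f)[1])
```

The `validate_policy` check is the part worth keeping in practice: it turns the architectural rule "nothing crosses from enterprise to control without passing the IDMZ" into something that can be asserted every time the rule set changes, rather than relying on a reviewer to notice a stray rule.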