Defense in Depth – Filling the Gaps to Detect and Stop Lateral Movement
Written by: Kevin Hiltpold, Federal Sr. Solutions Engineer

At my first job in cybersecurity at one of the biggest Internet providers that ever existed, I asked, “Do we have multiple vendors in our network security stack to provide defense in depth?” The Chief Architect replied, “No, we have multiple vendors to use as leverage when we have a feature request that one of them doesn’t want to fulfill.” With that answer, my philosophy was set. Defense in depth is about being able to detect and stop what the first line of defense lets through, not vendor diversity. It is hard enough finding qualified security professionals who can respond to attacks quickly without forcing them to be fluent with multiple vendors. If you are wondering if several well-meaning security architects and SOC chiefs told me over the years that their environment had defense in depth because their firewall was from one vendor and their IDS from another, sadly, the answer is yes.