
Defense In Depth

Defense in Depth & Security Controls 🔒🏰

🔹 What is Defense in Depth (DiD)?

Defense in Depth (DiD) is a layered security approach in which several independent security controls protect the same asset. If one layer fails or is bypassed, the remaining layers still limit what an attacker can reach, slow them down, and give defenders time to detect and respond. The layers only count as "depth" if they fail independently: a single shared dependency (one admin credential, one unmonitored network path) that defeats every layer at once collapses the stack back to a single point of failure.


1️⃣ Layers of Defense in Depth & Security Controls

| Layer | Example Controls | Security Control Type |
|---|---|---|
| Physical Security | AWS Data Centers, SOC Compliance | Preventive |
| Network Security | Firewalls, VPC, Security Groups, AWS Shield | Preventive, Detective |
| IAM & Access Control | MFA, Least Privilege, IAM Roles | Preventive |
| Endpoint Security | GuardDuty, Systems Manager, Antivirus | Preventive, Detective |
| Application Security | WAF, API Gateway, Secure Coding | Preventive, Detective |
| Data Security | Encryption, Backups, RDS Snapshots | Preventive, Corrective |
| Monitoring & Response | CloudTrail, SIEM, Incident Response Plans | Detective, Corrective |

2️⃣ Types of Security Controls in Defense in Depth

🔹 Preventive Controls – Stop an attack before it succeeds.
➡ MFA, Firewalls, Least Privilege (PoLP), Endpoint Security.

🔹 Detective Controls – Identify security incidents while or after they happen; they do not block anything on their own.
➡ SIEM, Intrusion Detection Systems (IDS), Audit Logs.

🔹 Corrective Controls – Limit the damage and restore normal operation after an incident.
➡ Incident Response, Backups and restores, patching the hole that was exploited.

🔹 Deterrent Controls – Discourage attackers by raising the perceived cost or risk of an attack.
➡ Security Awareness Training, warning banners and legal notices, visible monitoring.

🔹 Compensating Controls – Alternative controls applied when a primary control cannot be implemented or is temporarily out of service. A compensating control should cover the same risk, not just add activity.
➡ Extra monitoring, a restricted source-IP allow list and short credential lifetimes for a legacy service account that cannot use MFA.


3️⃣ Real-World Example: AWS Cloud Security Implementation ☁️


🔹 Physical Security (Preventive Control)

✅ AWS secures its data centers with biometric access, surveillance, and guards. Under the shared responsibility model this layer is AWS's; every layer below is configured by the customer.

🔹 Network Security (Preventive & Detective Controls)

✅ VPC (Virtual Private Cloud) – Isolates environments; private subnets keep workloads off the internet unless a route is deliberately added.
✅ Security Groups & NACLs – Control inbound/outbound traffic. Security groups are stateful (a reply to an allowed connection is allowed automatically) and allow-only; NACLs are stateless, evaluated in rule-number order, and can deny, so a NACL must explicitly permit return traffic on ephemeral ports.
✅ AWS Shield – Protects against DDoS attacks. Shield Standard is on by default; Shield Advanced adds larger-scale protection and response support.
✅ VPC Flow Logs – Record accepted and rejected traffic per network interface; this is the detective half of the network layer.
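The stateful/stateless difference above is the one that most often produces a "why is my reply traffic dropped" ticket. The following is an added illustration, not AWS code: a small Python model of a security group and a network ACL evaluating both halves of one HTTPS connection. The rule format, the "in"/"out" packet model, and the sample addresses are assumptions made for the example.

```python
"""Stateful security group vs stateless network ACL on one TCP connection.

Added illustration, not AWS code: a small model of the two filters so the
difference in how they treat return traffic is visible. Rule shapes and the
"in"/"out" packet model are simplifications assumed for the example.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = towards the instance, "out" = leaving it
    peer_ip: str     # remote address: source of an "in" packet, destination of an "out" one
    peer_port: int   # remote TCP port
    local_port: int  # the instance's TCP port


@dataclass(frozen=True)
class Rule:
    direction: str
    cidr: str
    port_from: int
    port_to: int
    action: str = "allow"  # NACLs may also "deny"; security groups are allow-only


def _matches(rule, pkt):
    """AWS semantics: inbound rules match the source CIDR and the instance port,
    outbound rules match the destination CIDR and the remote port."""
    if rule.direction != pkt.direction:
        return False
    if ipaddress.ip_address(pkt.peer_ip) not in ipaddress.ip_network(rule.cidr):
        return False
    port = pkt.local_port if pkt.direction == "in" else pkt.peer_port
    return rule.port_from <= port <= rule.port_to


class SecurityGroup:
    """Stateful: an allowed packet opens a flow and the reply is allowed automatically."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()

    def allows(self, pkt):
        reverse = "out" if pkt.direction == "in" else "in"
        if (pkt.peer_ip, pkt.peer_port, pkt.local_port, reverse) in self.flows:
            return True  # return traffic of a tracked flow
        if any(_matches(r, pkt) for r in self.rules):
            self.flows.add((pkt.peer_ip, pkt.peer_port, pkt.local_port, pkt.direction))
            return True
        return False


class NetworkAcl:
    """Stateless: numbered rules, lowest number first, first match wins, implicit deny."""

    def __init__(self, numbered_rules):
        self.rules = sorted(numbered_rules, key=lambda nr: nr[0])

    def allows(self, pkt):
        for _, rule in self.rules:
            if _matches(rule, pkt):
                return rule.action == "allow"
        return False


def evaluate():
    """Constructed sample: a client at 203.0.113.10 opens HTTPS to the instance,
    and the instance's reply goes back to the client's ephemeral port."""
    request = Packet("in", "203.0.113.10", 51515, 443)
    reply = Packet("out", "203.0.113.10", 51515, 443)
    blocked = Packet("in", "198.51.100.7", 40001, 443)  # from a range we want to deny

    sg = SecurityGroup([Rule("in", "0.0.0.0/0", 443, 443)])
    nacl_incomplete = NetworkAcl([(100, Rule("in", "0.0.0.0/0", 443, 443))])
    nacl_complete = NetworkAcl([
        (50, Rule("in", "198.51.100.0/24", 0, 65535, "deny")),  # explicit deny, impossible in an SG
        (100, Rule("in", "0.0.0.0/0", 443, 443)),
        (100, Rule("out", "0.0.0.0/0", 1024, 65535)),  # ephemeral ports for return traffic
    ])
    return {
        "security_group": (sg.allows(request), sg.allows(reply)),
        "nacl_incomplete": (nacl_incomplete.allows(request), nacl_incomplete.allows(reply)),
        "nacl_complete": (nacl_complete.allows(request), nacl_complete.allows(reply)),
        "nacl_complete_denied_range": nacl_complete.allows(blocked),
    }


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name}: {result}")
```

The security group passes the reply without any outbound rule; the NACL with only an inbound 443 rule silently drops it, which is why AWS's own NACL examples always pair an inbound service rule with an outbound rule for the 1024-65535 ephemeral range. The explicit deny at rule 50 is the one thing the NACL can do that the security group cannot.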

🔹 IAM & Access Management (Preventive Control)

✅ IAM Policies & Roles – Enforce Least Privilege (PoLP): scope Action and Resource to what the workload actually needs, and prefer roles with temporary credentials over long-lived access keys.
✅ MFA (Multi-Factor Authentication) – Prevent unauthorized access with a stolen password alone; for privileged API actions, require it in policy with the aws:MultiFactorAuthPresent condition key rather than relying on console settings.
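Least privilege is easier to state than to verify, so a reviewer usually starts with a short list of patterns that almost always mean a policy is too broad. The following is an added example, not an AWS tool: a Python lint over an IAM policy document that flags wildcard actions, write access on Resource "*", NotAction/NotResource, and privileged actions granted without an MFA condition. The two policies are constructed samples, and the set of prefixes treated as privileged is an assumption for the example.

```python
"""Least-privilege lint of an IAM policy document.

Added illustration, not an AWS tool: flags the patterns a reviewer checks
first (wildcard actions, write access on Resource "*", privileged actions
granted without an MFA condition). The policies below are constructed
samples; the prefixes treated as privileged are an assumption for the example.
"""
import json

PRIVILEGED_PREFIXES = ("iam:", "sts:", "kms:", "organizations:")  # assumption
READ_ONLY_VERBS = ("Get", "List", "Describe")


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalize to a list."""
    return value if isinstance(value, list) else [value]


def _requires_mfa(stmt):
    """True when the statement is gated on the aws:MultiFactorAuthPresent condition key."""
    cond = stmt.get("Condition", {})
    for op in ("Bool", "BoolIfExists"):
        if str(cond.get(op, {}).get("aws:MultiFactorAuthPresent", "")).lower() == "true":
            return True
    return False


def lint_policy(policy):
    """Return (statement_index, message) findings for an IAM policy dict."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "NotAction/NotResource grants everything not listed"))
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wildcards = [a for a in actions if a == "*" or a.endswith(":*")]
        for a in wildcards:
            findings.append((i, f"wildcard action {a}"))
        for a in actions:
            if a.startswith(PRIVILEGED_PREFIXES) and not _requires_mfa(stmt):
                findings.append((i, f"privileged action {a} allowed without an MFA condition"))
        if "*" in resources:
            writes = [a for a in actions
                      if a not in wildcards and not a.split(":")[-1].startswith(READ_ONLY_VERBS)]
            if writes:
                findings.append((i, "write actions on Resource '*': " + ", ".join(writes)))
    return findings


def lint_policy_json(text):
    """Same check on the JSON string form (e.g. a saved policy document)."""
    return lint_policy(json.loads(text))


# Constructed sample: the kind of policy that grows out of "just make it work".
OVERLY_BROAD = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:CreateAccessKey", "iam:PassRole"], "Resource": "*"},
    ],
}

# Constructed sample: the same needs, scoped to one bucket and one role, with MFA on the IAM call.
LEAST_PRIVILEGE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::app-uploads-example/*"},
        {"Effect": "Allow",
         "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::123456789012:role/app-task-role",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
}

if __name__ == "__main__":
    for name, policy in (("overly broad", OVERLY_BROAD), ("least privilege", LEAST_PRIVILEGE)):
        print(name, lint_policy(policy) or "no findings")
```

The checks are heuristics, not an authorization simulator: a policy that passes them can still be too broad, and the verb-prefix test for "read-only" misses exceptions. The document to feed in is the one returned by `aws iam get-policy-version`, which wraps it under PolicyVersion.Document.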

🔹 Endpoint Security (Preventive & Detective Controls)

✅ Amazon GuardDuty – Detects threats by analyzing CloudTrail, VPC Flow Logs and DNS logs for signs of compromise (credential misuse, crypto-mining, command-and-control traffic). It is a detective control; it does not block.
✅ AWS Systems Manager (SSM) – Patch Manager patches EC2 instances on a schedule; Session Manager provides shell access through the SSM agent without opening port 22 at all.
✅ Bastion Host – A single hardened entry point for SSH instead of direct access to every instance. Where Session Manager is available it removes the need for inbound SSH entirely, which is the stronger option.

🔹 Application Security (Preventive & Detective Controls)

✅ AWS WAF (Web Application Firewall) – Filters common SQL Injection and XSS patterns using managed rule groups. It is a filter in front of the application, not a replacement for parameterized queries and output encoding in the code.
✅ API Gateway + IAM Authorization – Secures API endpoints; requests are SigV4-signed and evaluated against IAM policies, with Cognito or Lambda authorizers as alternatives for end-user identities.
✅ Code Scanning (CI/CD) – Static analysis and dependency scanning detect vulnerabilities before deployment.

🔹 Data Security (Preventive & Corrective Controls)

✅ S3 Encryption (SSE-S3 with AES-256, or SSE-KMS) – Secures stored data. S3 applies SSE-S3 to new objects by default; SSE-KMS adds key policies and a CloudTrail record of every key use.
✅ Database Encryption (RDS, DynamoDB) – Protects sensitive records at rest with KMS-managed keys.
✅ Backups & Snapshots (AWS Backup, RDS Snapshots) – Enable disaster recovery. Keep a copy in a separate account or region so that an attacker who controls the account cannot delete the backups along with the data, and test restores.

🔹 Monitoring & Incident Response (Detective & Corrective Controls)

✅ AWS CloudTrail – Logs management API activity by default; data events (S3 object access, Lambda invocations) must be enabled explicitly.
✅ Amazon CloudWatch + Alerts – Detects system anomalies through metrics and log-based alarms.
✅ SIEM (Splunk, ELK Stack) – Centralized threat detection over CloudTrail, VPC Flow Logs and application logs; AWS Security Hub aggregates findings from GuardDuty and other AWS services and can forward them to the SIEM.
✅ Incident Response Playbooks – Automate security actions, for example an EventBridge rule that triggers a Lambda function or SSM automation to isolate an instance when GuardDuty raises a finding.
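CloudTrail only becomes a detective control when something actually evaluates the records. The following is an added example, not AWS code: a small Python detector over a batch of CloudTrail records with four rules a first SIEM rule set should contain, namely root account activity, console logins that succeeded without MFA, bursts of failed console logins from one IP, and API calls that weaken logging itself (StopLogging, DeleteTrail and similar). The records are constructed in the shape CloudTrail uses; the list of tampering calls and the failure threshold are assumptions for the example.

```python
"""Detective control over CloudTrail: flag high-signal events in a log batch.

Added illustration, not AWS code: the records below are constructed in the
shape CloudTrail uses (eventSource, eventName, userIdentity, responseElements,
additionalEventData) and cover four detections a first SIEM rule set should
include. The failure threshold is an assumption for the example.
"""
from collections import Counter

# Calls that weaken logging or detection itself (assumed list, extend as needed)
DEFENSE_EVASION = {
    "cloudtrail.amazonaws.com": {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"},
    "guardduty.amazonaws.com": {"DeleteDetector", "UpdateDetector"},
    "config.amazonaws.com": {"StopConfigurationRecorder", "DeleteConfigurationRecorder"},
}


def _login(user, ip, outcome, mfa, time):
    """Helper to build a constructed ConsoleLogin record."""
    return {
        "eventTime": time, "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "arn": f"arn:aws:iam::123456789012:user/{user}"},
        "sourceIPAddress": ip, "responseElements": {"ConsoleLogin": outcome},
        "additionalEventData": {"MFAUsed": mfa},
    }


SAMPLE_RECORDS = [  # constructed sample batch
    _login("alice", "203.0.113.10", "Success", "Yes", "2025-04-03T18:20:01Z"),
    _login("bob", "198.51.100.7", "Failure", "No", "2025-04-03T18:21:02Z"),
    _login("bob", "198.51.100.7", "Failure", "No", "2025-04-03T18:21:09Z"),
    _login("bob", "198.51.100.7", "Failure", "No", "2025-04-03T18:21:15Z"),
    _login("bob", "198.51.100.7", "Success", "No", "2025-04-03T18:21:30Z"),
    {"eventTime": "2025-04-03T18:25:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2025-04-03T18:26:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/ops/alice"}},
]


def detect(records, failure_threshold=3):
    """Return (rule, subject, detail) tuples for the records that match a rule."""
    findings = []
    failures = Counter()  # failed console logins per source IP
    for r in records:
        ident = r.get("userIdentity", {})
        actor = ident.get("arn")
        name = r.get("eventName")
        source = r.get("eventSource")
        if ident.get("type") == "Root":
            findings.append(("root_activity", actor, name))
        if name == "ConsoleLogin":
            outcome = r.get("responseElements", {}).get("ConsoleLogin")
            if outcome == "Success" and r.get("additionalEventData", {}).get("MFAUsed") != "Yes":
                findings.append(("console_login_without_mfa", actor, r.get("sourceIPAddress")))
            if outcome == "Failure":
                failures[r.get("sourceIPAddress")] += 1
        if name in DEFENSE_EVASION.get(source, ()):
            findings.append(("logging_tampering", actor, f"{source} {name}"))
    for ip, n in failures.items():
        if n >= failure_threshold:
            findings.append(("failed_login_burst", ip, f"{n} failed console logins"))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in detect(SAMPLE_RECORDS):
        print(f"{rule:28} {subject}  {detail}")
```

In the sample batch the same source IP produces three failures, a success without MFA, and then a root StopLogging call, which is the sequence a tampering rule exists to catch: once logging stops, every later rule is blind. Real trail files arrive as gzip-compressed JSON with the events under a top-level "Records" array, so the same function runs over `json.load(f)["Records"]` for each delivered file.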


4️⃣ How Defense in Depth & Security Controls Work Together

✔ Defense in Depth arranges multiple security layers so that no single failure exposes the system.
✔ Security controls (preventive, detective, corrective, deterrent, compensating) are what each layer is built from; a layer with only preventive controls cannot tell you when it has been bypassed, so every layer needs a detective counterpart.
✔ Combining DiD with the right mix of control types strengthens security in Cloud, DevOps, and IT environments, because an attacker must defeat several independent controls and leave evidence at each one.