Defense in depth is a security concept used to help secure an asset. The idea is that implementing multiple layers of defensive controls is superior to defending any single layer and subsequently prevents single points of failure through redundancy. When trying to secure a network of computers, there are various locations where security controls can be applied. For example, an Intrusion Detection System (IDS) can be used to detect malicious anomalies within network traffic. While at the same time, an Endpoint Detection and Response (EDR) solution may be used to perform host-level detection. This creates a potential for increased detection as the EDR solution may catch things missed by the IDS and vice-versa.
In Andress’s (2019) book, Foundations of Information Security, Andress describes defense in depth:
“Defense in depth is a strategy common to both military maneuvers and information security. The basic concept is to formulate a multilayered defense that will allow you to still mount a successful resistance should one or more of your defensive measures fail.” (Andress, 2019).
Additionally, Andress gives a fantastic table of controls and solutions in relation to the assets they protect.
(Andress, 2019)
References
Andress, J. (2019). Foundations of Information Security. No Starch Press.