Layered security, also known as layered defense, is a term used by IT security professionals, information protection experts, and security software vendors that describes the practice of leveraging several different point security solutions, filtering systems, and monitoring strategies to protect information technology resources and data.
The term bears some similarity to Defense in Depth (computing), a term adopted from a military strategy that involves multiple layers of defense that resist rapid penetration by an attacker but yield rather than exhaust themselves by too-rigid tactics. As the incursion progresses, resources are consumed and progress is slowed until it is halted and turned back. The information assurance use of the term "defense in depth" assumes more than merely technical security tools deployment; it also implies policy and operations planning, user training, physical access security measures, and direct information assurance personnel involvement in dealing with attempts to gain unauthorized access to information resources. Within a defense in depth security strategy, layered security is regarded by some as merely a delaying tactic used to buy time to bring security resources to bear to deal with a malicious security cracker's activities.
Contents |
Philosophy
Commercial
Security vendors will sometimes cite differing solutions, but most can be grouped under consumer or enterprise categories:
Consumer Layered Security Strategy
- Extended validation (EV) SSL certificates
- Multifactor authentication (also sometimes known as versatile or two-factor authentication)
- Single sign-on (SSO)
- Fraud detection and risk-based authentication
- Transaction signing and encryption
- Secure Web and e-mail
- Open fraud intelligence network
Enterprise Layered Security Strategy
- Workstation and network authentication
- File, disk and removable media encryption
- Remote access authentication
- Network folder encryption
- Secure boundary and end-to-end messaging
- Content control and policy-based encryption
Integrated Solutions
An argument may be made that "ad-hoc" security strategy, with numerous vendors and an abundance of different, sometimes incompatible, security solutions and products can leave gaps in protection, where a vertically integrated vendor stack could provide more comprehensive defense. Single vendor solutions improve interoperability between components of a complete security strategy, and may offer performance and price benefits over a multi-vendor approach.
Best Of Breed Solutions
The contrasting commercial security product argument is that a "best of breed" approach provides more effective protection. While a single vendor's vertically integrated product stack may be the offering of choice for vendors who want to monopolize a client's or customer's business, it could be also be argued that each component of a comprehensive security strategy should be evaluated both for its performance within its niche and its open compatibility with other, non-integrated components of the whole.
This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)
