Security Approaches

Defense in Depth, Zero Trust, and Security Architecture Fundamentals

1 Overview
2 Defense in Depth
3 Zero Trust
4 Quiz

Security Architecture Philosophy

Modern security isn't about building one perfect wall — it's about creating multiple layers of protection that work together. Two foundational approaches dominate enterprise security architecture: Defense in Depth and Zero Trust.

Defense in Depth

Multiple security layers so that if one fails, others still protect. Like a medieval castle with walls, moat, and keep.

Zero Trust

"Never trust, always verify." Every access request is authenticated and authorized, regardless of source location.

Least Privilege

Users and systems get only the minimum permissions needed to perform their function. No more, no less.

Why Multiple Approaches?

No single security control is 100% effective. Attackers constantly find new ways to bypass defenses. By combining approaches, organizations create redundancy — if one control fails, another catches the threat. This is the essence of security architecture.

Defense in Depth

Defense in Depth (DiD) uses multiple security layers. If an attacker breaches the perimeter, they still face network controls, endpoint protection, application security, and data encryption. The layers, from outermost to innermost, are:

Physical Security
Perimeter Security
Network Security
Endpoint Security
Application Security
Data Security

Real-World Example

Consider how DiD protects against a phishing attack:

Layer                 How It Helps
Email Gateway         Filters known malicious attachments and URLs
User Training         Employee recognizes suspicious email, doesn't click
Endpoint Protection   Blocks malware if user clicks anyway
Network Monitoring    Detects C2 callback if malware executes
Data Encryption       Stolen files are useless without decryption keys
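The phishing walk-through above can be made concrete as a pipeline of independent checks. The following Python is an added example, not code from the original page: each layer is a function over one constructed event record, the first layer that stops the chain ends processing, and marking a layer as disabled simulates a control that has failed, so the next layer is seen catching the same event. The URLs, hash values, hostnames and the ".corp.example" suffix are all constructed placeholders.

```python
# Added example (not part of the original page): a layered phishing
# defence pipeline. Each layer is an independent check over one event
# record; the first layer that stops the chain ends processing, and a
# disabled layer simulates a control that failed. All indicators, hosts
# and hashes below are constructed placeholders.
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Constructed threat-intel feed (placeholders, not real indicators).
KNOWN_BAD_URLS = {"http://invoice-update.example/login"}
KNOWN_BAD_HASHES = {"00" * 32}
CORP_SUFFIX = ".corp.example"   # assumed internal DNS suffix


@dataclass
class PhishingEvent:
    url: str                        # link in the message
    attachment_sha256: str          # hash of the attachment
    user_clicked: bool              # did the recipient act on it?
    payload_behaviour: str          # "benign" or a description of suspicious activity
    callback_host: Optional[str]    # host the payload contacts, if any
    data_encrypted_at_rest: bool    # are the targeted files encrypted?


def email_gateway(e: PhishingEvent) -> bool:
    """Stops only what the intel feed already knows about."""
    return e.url in KNOWN_BAD_URLS or e.attachment_sha256 in KNOWN_BAD_HASHES


def user_training(e: PhishingEvent) -> bool:
    """A trained user who does not click ends the chain."""
    return not e.user_clicked


def endpoint_protection(e: PhishingEvent) -> bool:
    """Behavioural block: anything other than benign activity."""
    return e.payload_behaviour != "benign"


def network_monitoring(e: PhishingEvent) -> bool:
    """Flags a callback to any host outside the corporate namespace."""
    return e.callback_host is not None and not e.callback_host.endswith(CORP_SUFFIX)


def data_encryption(e: PhishingEvent) -> bool:
    """Last line: exfiltrated data is unreadable without the keys."""
    return e.data_encrypted_at_rest


LAYERS: List[Tuple[str, Callable[[PhishingEvent], bool]]] = [
    ("Email Gateway", email_gateway),
    ("User Training", user_training),
    ("Endpoint Protection", endpoint_protection),
    ("Network Monitoring", network_monitoring),
    ("Data Encryption", data_encryption),
]


def run_layers(event, disabled=frozenset(), layers=LAYERS):
    """Return (layer that stopped the chain or None, layers the event got past)."""
    passed = []
    for name, check in layers:
        if name not in disabled and check(event):
            return name, passed
        passed.append(name)   # control was absent, failed, or bypassed
    return None, passed


# Constructed event: the URL and hash are not yet in the intel feed,
# the user clicks, and the payload behaves suspiciously.
NOVEL_PHISH = PhishingEvent(
    url="http://unknown-lure.example/doc",
    attachment_sha256="ff" * 32,
    user_clicked=True,
    payload_behaviour="spawns scripting host",
    callback_host="c2.attacker.example",
    data_encrypted_at_rest=True,
)

if __name__ == "__main__":
    for down in (frozenset(), {"Endpoint Protection"},
                 {"Endpoint Protection", "Network Monitoring"}):
        stopped, passed = run_layers(NOVEL_PHISH, disabled=down)
        print(f"disabled={sorted(down) or 'none'} -> stopped by {stopped}; got past {passed}")
```

Running it shows the novel lure sailing past the gateway and the user, being stopped by endpoint protection, and, once that layer is marked down, by network monitoring and then data encryption. Only when every layer is down does `run_layers` return `None`, which is the situation DiD is designed to avoid.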

Zero Trust Architecture

Traditional security assumed everything inside the network perimeter was trusted. Zero Trust assumes nothing is trusted by default — not users, not devices, not even internal network traffic.

Core Principles

1. Verify Explicitly

Always authenticate and authorize based on all available data points: identity, location, device health, data classification.

2. Least Privilege Access

Limit access with just-in-time and just-enough-access (JIT/JEA). Provide minimum permissions needed for the task.

3. Assume Breach

Operate as if attackers are already inside. Minimize blast radius through segmentation and end-to-end encryption.

4. Continuous Validation

Trust is never permanent. Re-verify continuously throughout the session, not just at login.
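The four principles come together in a policy decision point: a function that evaluates every request against a per-resource rule using identity, device posture and authentication freshness, and that can be re-run later in the same session. The Python below is an added example written for this page, not a product's or the page's own code. The resources ("wiki", "payroll-db"), groups, time thresholds and IP addresses are constructed; the source IP is carried only for audit and deliberately has no effect on the decision.

```python
# Added example (not part of the original page): a minimal Zero Trust
# policy decision point. Every request is evaluated against a per-resource
# rule using identity, device posture and authentication freshness; the
# caller's network location is deliberately not a trust signal. Resources,
# groups, thresholds and addresses are constructed for the example.
from dataclasses import dataclass, replace
from enum import Enum
from typing import Tuple


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    STEP_UP = "step_up"   # session continues only after fresh strong auth


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset          # entitlements resolved from the identity provider
    mfa_age_s: int             # seconds since the last strong authentication
    device_managed: bool
    device_patched: bool
    source_ip: str             # recorded for audit, never used for trust
    resource: str
    action: str


# Constructed per-resource policy: minimum requirements, not a network location.
POLICY = {
    "wiki":       {"groups": {"staff"},   "max_mfa_age_s": 8 * 3600, "managed_device": False},
    "payroll-db": {"groups": {"finance"}, "max_mfa_age_s": 15 * 60,  "managed_device": True},
}


def decide(req: Request) -> Tuple[Decision, str]:
    """Evaluate one access request; the default outcome is deny."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return Decision.DENY, "no policy for resource (default deny)"
    if not (req.groups & rule["groups"]):
        return Decision.DENY, "identity not entitled to resource"
    if rule["managed_device"] and not (req.device_managed and req.device_patched):
        return Decision.DENY, "device posture below requirement"
    if req.mfa_age_s > rule["max_mfa_age_s"]:
        return Decision.STEP_UP, "strong authentication too old for this resource"
    return Decision.ALLOW, "identity, device and auth freshness all verified"


def revalidate(req: Request, elapsed_s: int) -> Tuple[Decision, str]:
    """Continuous validation: re-run the policy later in the same session."""
    return decide(replace(req, mfa_age_s=req.mfa_age_s + elapsed_s))


def vary(req: Request, **changes) -> Request:
    """Convenience: the same request with some fields changed."""
    return replace(req, **changes)


# Constructed request: a finance analyst on a compliant laptop, 5 minutes after MFA.
ANALYST = Request(
    user="alice", groups=frozenset({"staff", "finance"}), mfa_age_s=300,
    device_managed=True, device_patched=True, source_ip="10.1.2.3",
    resource="payroll-db", action="read",
)

if __name__ == "__main__":
    print("initial:     ", decide(ANALYST))
    print("20 min later:", revalidate(ANALYST, 20 * 60))
    print("from outside:", decide(vary(ANALYST, source_ip="203.0.113.7")))
    print("unmanaged:   ", decide(vary(ANALYST, device_managed=False)))
```

The same request is allowed from an internal and an external address, is pushed to step-up authentication 20 minutes into the session because the payroll rule caps authentication age at 15 minutes, and is denied outright from an unmanaged device or for a user outside the finance group. Anything without a rule is denied, which is the default-deny posture Zero Trust expects.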

Zero Trust vs Traditional (Perimeter) Security

Aspect            Traditional (Castle-and-Moat)   Zero Trust
Trust Model       Trust inside, verify outside    Trust nothing, verify everything
Network Focus     Perimeter firewall              Identity and data-centric
Access Control    VPN = full network access       Per-resource, per-session access
Lateral Movement  Easy once inside                Blocked by microsegmentation
Remote Work       Requires VPN tunnel             Native support (identity-based)

Security Approaches Quiz

Test your understanding. You need 80% (4/5) to pass.

Q1. An organization implements firewalls, IDS, endpoint protection, and encryption. If one control fails, others provide protection. This describes:
Zero Trust Architecture
Defense in Depth
Single Sign-On
Perimeter Security
Q2. Which Zero Trust principle states "operate as if attackers are already inside the network"?
Verify Explicitly
Least Privilege
Assume Breach
Continuous Validation
Q3. In traditional perimeter security, what typically grants full internal network access?
VPN connection
Multi-factor authentication
Microsegmentation
Just-in-time access
Q4. Which layer in Defense in Depth includes controls like guards, locks, and CCTV?
Network Security
Endpoint Security
Perimeter Security
Physical Security
Q5. Zero Trust blocks lateral movement through:
Stronger perimeter firewalls
Microsegmentation
Longer passwords
Annual security training
