Defense in Diversity: A Strategy for Robust Cybersecurity


            By Craig Burland, CISO, Inversion6



            The concept of “defense in depth” dates back to ancient times, epitomized by the ramparts, draw-bridge,
            towers, and battlements surrounding a medieval castle.  Cybersecurity’s adaptation of the idea -- multiple
            layers  of  security  controls  to  protect  data  and  systems  forces  intruders  to “get  it right”  over  and  over
            before reaching their goal -- has long been a cornerstone of strategic planning and is considered a best
            practice.

            However, as major cybersecurity vendors like Microsoft, Palo Alto, Okta, and CrowdStrike fill gaps in their
            portfolio  to  provide  “complete  and  comprehensive”  security  coverage,  it’s  time  to  consider  a
            complementary strategy: "defense in diversity".  Defense in Diversity emphasizes the importance of using
            different vendors at different layers of defense to mitigate the risk of a compromise due to insular thinking
            or a singular, fatal flaw.  Diversity in the context of this article means being composed of differing vendor
            sources,  operating  characteristics,  defensive  philosophies,  and  fundamental  principles,  rather  than  a
            political concept.






            Cyber Defense eMagazine – July 2024 Edition                                                                                                                                                                                                          60
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.