Security technologies and their reports

There is no panacea in cybersecurity. There are certainly better and worse systems out there, but defending against cyber incidents (ranging from intentional attack to accidental breaches) requires a principle derived from the military: defense in depth.

In the 90s, many organizations were unprotected, but those that were protected typically relied on being behind a firewall. This is a static defense; I liken this to the idea of a fortress or castle wall. The story of the fall of Troy is an example of how this system can go wrong. Once the attacking force was within the wall, they had freedom of action across the entire city.

Instead, defense in depth works to create little pockets of detection and resistance. There are still firewalls, access control lists, and the like, but there is also antivirus software on the endpoints, along with intrusion detection and prevention systems at the boundary and within the sub-networks of the system.

In this section, you will learn to define the different components of layered network defense, and how each technology can contribute information regarding a security event.

There is often crossover between the different technologies and defense types, so while each is considered independently, some events may fall into several technologies and categories. Several of these technologies use elements specifically mentioned in the previous section, Alert identification. If you are unsure about any references, switch back and forth between the sections to consolidate the learning.
