Network Defense Methodology: A Comparison of Defense in Depth and Defense in Breadth


The defense in depth methodology was popularized in the early 2000’s amid growing concerns for information security; this paper will address the shortcomings of early implementations. In the last two years, many supporters of the defense in depth security methodology have changed their allegiance to an offshoot method dubbed the defense in breadth methodology. A substantial portion of this paper’s body will be devoted to comparing real-world usage scenarios and discussing the flaws in each method. A major goal of this publication will be to assist readers in selecting a method that will best benefit their personal environment. Scenarios certainly exist where one method may be clearly favored; this article will help identify the factors that make one method a clear choice over another. This paper will strive not only to highlight key strengths and weaknesses for the two strategies listed, but also provide the evaluation techniques necessary for readers to apply to other popular methodologies in order to make the most appropriate personal determinations.

Share and Cite:

L. Cleghorn, "Network Defense Methodology: A Comparison of Defense in Depth and Defense in Breadth," Journal of Information Security, Vol. 4 No. 3, 2013, pp. 144-149. doi: 10.4236/jis.2013.43017.

Conflicts of Interest

The authors declare no conflicts of interest.


[1] T. McGuiness, “Defense in Depth,” SANS Institute, Bethesda, 2001.
[2] M. Luallen, and S. Hamburg (2009) Applying Security Defense-In-Depth,” Control Engineering, 2009, pp. 49-51.
[3] R. Weaver, “Guide to Network Defense and Countermeasures,” Course Technology, Boston, 2007.
[4] National Security Agency, “Defense in Depth,” 2012. support/defenseindepth.pdf
[5] S. Groat, J. Tront and R. Marchany, “Advancing the Defense in Depth Model,” The 7th International Conference on System of Systems Engineering (SoSE), Genoa, 16-19 July 2012, pp. 285-290.
[6] Defense Information Systems Agency, “Network Infrastructure Technology Overview,” Department of Defense, Ft. Meade, 2010.
[7] C. Paquet, “Implementing Cisco IOS Network Security: Authorized Self-Study Guide,” Cisco Press, Indianapolis, 2009.
[8] L. MacVittie and D. Holmes, “The New Data Center Firewall Paradigm,” F5 Networks, Inc., Seattle, 2012.
[9] P. E. Small, “Defense in Depth: An Impractical Strategy for a Cyber World.” SANS Institute, Bethesda, 2011.
[10] L. MacVittie, “F5 Friday: Goodbye Defense in Depth. Hello Defense in Breadth,” 2012.
[11] R. Miller, “Advanced Persistent Threats: Defending from the Inside Out,” 2012.
[12] A. W. Coviello, “Open Letter to RSA Customers,” 2011.
[13] FireEye Inc., “Spear Phishing Attacks—Why They are Successful and How to Stop Them,” 2012.
[14] FireEye, Inc., “Advanced Targeted Attacks: How to Protect Against the Next Generation of Cyber Attacks,” FireEye, Inc., Milpitas, 2012.
[15] OWASP, “Defense in Depth,” 2012.
[16] Untangle Inc., “Web Content Control: Five Steps to a Successful Implementation,” 2012.
[17] W. Stallings and L. Brown, “Computer Security Principals and Practice,” Prentice Hall, Upper Saddle River, 2012.
[18] U. Rivner, “Speaking of Security: Uri Rivner,” 2012.
[19] V. Hazlewood, “Defense-In-Depth: An Information Assurance Strategy for the Enterprise,” San Diego Supercomputer Center, La Jolla, 2006.
[20] W. Odom, “CCNP ROUTE Official Certification Guide,” Cisco Press, Indianapolis, 2010.
[21] G. Rajaratnam, S. Gnanasundaram and A. Shrivastava, “Information Storage and Management,” John Wiley & Sons, Inc., Indianapolis, 2012.

Copyright © 2023 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.