The defense in depth methodology was popularized in the early 2000s amid growing concerns for information
security; this paper will address the shortcomings of early implementations. In
the last two years, many supporters of the defense in depth security
methodology have changed their allegiance to an offshoot method dubbed the
defense in breadth methodology. A substantial portion of this paper’s body will
be devoted to comparing real-world usage scenarios and discussing the flaws in
each method. A major goal of this publication will be to assist readers in
selecting a method that will best benefit their personal environment. Scenarios
certainly exist where one method may be clearly favored; this article will help
identify the factors that make one method a clear choice over another. This
paper will strive not only to highlight key strengths and weaknesses for the
two strategies listed, but also to provide the evaluation techniques necessary
for readers to apply to other popular methodologies in order to make the most
appropriate personal determinations.
Cite this paper
L. Cleghorn, "Network Defense Methodology: A Comparison of Defense in Depth and Defense in Breadth," Journal of Information Security, Vol. 4 No. 3, 2013, pp. 144-149. doi: 10.4236/jis.2013.43017