Defense-in-depth is not a new concept but the layered security architecture continues to evolve as new technologies are adopted by IT departments to save money and increase efficiency (emphasis added):
If blocking Flash and embracing HTML5 aren’t enough to protect businesses from unknown threats – because, as we all know, it’s just a matter of time before another zero-day vulnerability is discovered – what can you do that’s practical, reliable, and cost-effective?
Businesses shouldn’t assume that their existing prevention-based tools are doing the job; because chances are, they aren’t. But it’s not because the tools in themselves are necessarily flawed or out-of-date. It’s because they aren’t working together to cover as much of the attack surface as possible. And that’s where adopting a layered approach makes all the difference.
A layered approach involves implementing defensive measures at the four most vulnerable points on the attack surface:
There is not much new here most security professionals do not already know, but it is a good reiteration of what is necessary.