If a network has only one defense mechanism and that mechanism is compromised, the rest of the environment is potentially exposed to the threat. To avoid this scenario, a defense-in-depth architecture is deployed within the network. Defense-in-depth means implementing multiple security controls, such as training programs or technical controls. If one line of defense is compromised, the next layer within the architecture is there to stop the attack or to slow it from spreading further. The following figure illustrates the different layers and gives some examples of what defense techniques can be implemented at each layer.
The DVD solution has been validated to support the defense-in-depth principle. For example, all software components are validated for hardening, while the solution also validates functionality with a secure architecture. These two security practices help to create multiple layers of security around the solution. For instance, if a threat actor finds a way through the network boundary, such as a demilitarized zone (DMZ), then authentication, encryption, and authorization all help to mitigate any further potential compromises.