Advancing the defense in depth model

Systems and network defenses currently implementing a Defense in Depth (DiD) strategy frequently slow attackers´ progress but do not act as a secure barrier. These systems of network defense methods are primarily comprised of static defenses focused on preventing attacks from entering a network by enabling the features of blocking access, requiring authentication, or analyzing traffic. To adapt to the ever-changing threat profile of network attacks, the DiD model must be adapted to be symmetric and focus on new vectors for defense instead of authenticating, blocking, or analyzing all traffic. Instead of a focusing on feature-centric network defense requirements, the DiD model should be redesigned to be a functional or capability focused model. Symmetry in the DiD model allows for the network defense system to recognize the insider threat, preventing data exfiltration and allowing attacks to be stopped at the originating network instead of being defended by the attacked network. Dynamic defenses must also be enabled, which change attack surfaces to proactively defend a network. New vectors, such as dynamic network addressing, enterprise computing resources, and network architectures, must be used by the DiD model to prevent attacks from reaching network, consuming attackers often limited resources, and securing networks in their design and architecture.