Defense in Depth (DiD) is a term commonly used by the security industry to describe the strategy of implementing layers of security controls at various logical and physical teirs within an organization to reduce security risk.
This presentation will examine DiD from a researcher's perspective and challenge its effectiveness as a best practice. The presentation will include several case studies directly supporting our case, and contain original vulnerability research into products that are used to implement a DiD strategy.