CR, Sep 30, 2019

Defense in Depth: The Basics of Blockade and Delay

arXiv:1910.00111v1
Originality: Synthesis-oriented
AI Analysis

This paper provides incremental theoretical insights for cybersecurity practitioners optimizing defense-in-depth strategies.

The paper tackles the problem of selecting defensive layers for cybersecurity strategies under budget constraints. It develops a mathematical theory for the Blockade and Delay strategies and shows that defenders can be optimistic, because the number of required defenses grows more slowly than the number of attackers and because defenders hold other advantages.

Given that individual defenses are rarely sufficient, defense-in-depth is nearly universal and options for individual defensive layers abound. We develop a simple mathematical theory that can help in selecting the type and quantity of defenses for two different defense-in-depth strategies: Blockade and Delay. This theoretical approach accounts for budgetary constraints and the number, skill, and diversity of attackers. We find that defenders have several reasons to be optimistic including that the number of required defenses increases more slowly than the number of attackers, that similar attackers are defended more easily than similar defenses are defeated, and that defenders do not necessarily need to act as quickly as attackers.
