What is a layered defense?

What is a layered defense?

What is a layered defense? 150 150 Tony Davidson
What is a layered defense and how will it help my business?

Most businesses are already using a basic form of “layered defense” but are unfamiliar with the term. A layered defense is simply having multiple “layers” to protect your business against attackers. So that if an attacker penetrates one layer (or finds a bug/hole) one of the other layers will still provide protection.

But what layers is your business using, and is it enough? Most businesses should have the following “layers”:

Router providing firewall protection

This is generally considered as the first layer. The router block incoming attacks, generally by default. Note that it is crucial that the router has been configured not to allow access from the Internet, and that the default password has been changed. It should also be up to date to ensure all security holes have been patched.

Computers up to date and all security patches applied

Security vulnerabilities are discovered daily in all operating systems. Once discovered they are patched.

End Point Protection (EPP)

EPP will provide a very high level of protection against known viruses and malware, and limited protection against unknown threats.

Anti-ransomware Protection

We generally recommend a separate anti-ransomware product be installed, rather than upgrading your EPP protection to the top level at a similar cost. A quality anti-ransomware specialised product provides defense from ransomware encrypting your computers, and more importantly your server data.


It goes without saying that the final protection is a properly configured backup system.

E-mail protection

Your e-mail should be filtered through a security gateway product that will remove viruses, spam and phishing attacks. Microsoft 365 has a basic form of defense, for more advanced defense consider our managed Security Gateway service.

Browser protection

Your browser should always be up to date as security updates are frequent. There are also numerous add-ins available that will alert you to and block attacks such as malware and crypto mining.

DNS Protection

Most businesses use their ISP as their DNS server. More advanced DNS servers will filter know scam/phishing sites. Some even provide parental type controls meaning staff can’t browse certain sites, or categories of sites.

Contact us if you’d like further information or assistance in implementing additional layers in your business protection.

Leave a Reply