Defense In Depth
Posted August 29, 2008 at 7:17 pm in General

Defense in depth, a phrase coined by the military, is a defensive technique that layers security countermeasures on top of one another. It combines multiple computer security techniques to mitigate the risk that any one component of the defense is compromised or circumvented.
Rather than trying to stop an attacker's advance outright, defense in depth seeks to delay and deter: each layer buys time and postpones the ultimate success of the attack.
From the military playbook: rather than defeating an attacker with a single, strong defensive line, defense in depth relies on the tendency of an attack to lose momentum over time.
Using multiple vendors is a best practice that supports this layered approach. If an attacker has to compromise two firewalls from different vendors, they must find a separate vulnerability in each, which adds time to the attack. Time usually works against an attacker and in favor of the defensive countermeasures.
Defense in depth is designed so that if one security control fails, the attack is unlikely to penetrate the next layer.
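As an added illustration (not code from the original post), the following Python model treats each control as an independent layer that a request must pass: a network ACL, authentication, input validation and a rate limit. A compromised or misconfigured layer is modelled as one that lets everything through, which shows why defeating a single control is not enough. The layer names, network range, token store, rate limit and sample requests are all constructed for the example.

```python
"""Added example: a request pipeline modelling defense in depth.

Each layer is an independent check.  A request is allowed only if every
layer accepts it, so defeating one layer is not enough to get through.
All names, networks, tokens and sample requests here are constructed
for illustration and are not taken from any real system.
"""
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Optional, Tuple
import ipaddress
import re


@dataclass
class Request:
    source_ip: str
    auth_token: Optional[str]
    path: str
    requests_last_minute: int


# Constructed policy data for the example (hypothetical values).
ALLOWED_NETWORK = ipaddress.ip_network("10.0.0.0/8")   # internal range only
VALID_TOKENS = {"token-for-alice"}                       # placeholder credential store
RATE_LIMIT = 100                                         # requests per minute
SAFE_PATH = re.compile(r"/[A-Za-z0-9_./-]*")


# Layer 1: network access control (firewall / ACL).
def network_acl(req: Request) -> bool:
    return ipaddress.ip_address(req.source_ip) in ALLOWED_NETWORK


# Layer 2: authentication against the credential store.
def authentication(req: Request) -> bool:
    return req.auth_token in VALID_TOKENS


# Layer 3: input validation (reject unexpected characters and path traversal).
def input_validation(req: Request) -> bool:
    return SAFE_PATH.fullmatch(req.path) is not None and ".." not in req.path


# Layer 4: rate limiting.
def rate_limit(req: Request) -> bool:
    return req.requests_last_minute <= RATE_LIMIT


Layer = Tuple[str, Callable[[Request], bool]]
LAYERS: List[Layer] = [
    ("network_acl", network_acl),
    ("authentication", authentication),
    ("input_validation", input_validation),
    ("rate_limit", rate_limit),
]


def evaluate(req: Request,
             disabled: FrozenSet[str] = frozenset()) -> Tuple[str, Optional[str]]:
    """Run the request through every layer in order.

    Returns ("allowed", None) or ("blocked", <first layer that stopped it>).
    Layers listed in `disabled` are treated as compromised or misconfigured:
    they pass everything, which is what a bypassed control looks like.
    """
    for name, check in LAYERS:
        if name in disabled:
            continue
        if not check(req):
            return ("blocked", name)
    return ("allowed", None)


def layers_that_stop(req: Request) -> List[str]:
    """Every layer that independently rejects the request: the number of
    separate controls an attacker would have to defeat to get through."""
    return [name for name, check in LAYERS if not check(req)]


# Constructed sample traffic.
LEGIT = Request("10.1.2.3", "token-for-alice", "/api/v1/reports", 3)
HOSTILE = Request("203.0.113.5", None, "/../../etc/passwd", 5)

if __name__ == "__main__":
    print(evaluate(LEGIT))                                 # ('allowed', None)
    print(evaluate(HOSTILE))                               # ('blocked', 'network_acl')
    # Firewall layer bypassed: the next independent layer still stops it.
    print(evaluate(HOSTILE, frozenset({"network_acl"})))   # ('blocked', 'authentication')
    # Three separate controls each reject the hostile request on their own.
    print(layers_that_stop(HOSTILE))  # ['network_acl', 'authentication', 'input_validation']
    # Only when every layer is gone does the request get through.
    print(evaluate(HOSTILE, frozenset(n for n, _ in LAYERS)))  # ('allowed', None)
```

The `disabled` parameter is the point of the model: removing one layer changes which control blocks the request, not whether it is blocked, and `layers_that_stop` counts the distinct vulnerabilities an attacker would need, which is the time cost the post describes.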