Which type of security control is defense in depth?
A.
threat mitigation
B.
risk analysis
C.
botnet mitigation
D.
overt and covert channels
Explanation:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/chap1.html
SAFE Design Blueprint
The Cisco SAFE uses the infrastructure-wide intelligence and collaboration capabilities provided by
Cisco products to control and mitigate well-known and zero-day attacks. Under the Cisco SAFE
design blueprints, intrusion protection systems, firewalls, network admission control, endpoint
protection software, and monitoring and analysis systems work together to identify and dynamicallyrespond to attacks. As part of threat control and containment, the designs have the ability to identify
the source of a threat, visualize its attack path, and to suggest, and even dynamically enforce,
response actions. Possible response actions include the isolation of compromised systems, rate
limiting, packet filtering, and more.
Control is improved through the actions of harden, isolate, and enforce. Following are some of the
objectives of the Cisco SAFE design blueprints:
•Adaptive response to real-time threats—Source threats are dynamically identified and may be
blocked in realtime.
•Consistent policy enforcement coverage—Mitigation and containment actions may be enforced at
different places in the network for defense in-depth.
•Minimize effects of attack—Response actions may be dynamically triggered as soon as an attack is
detected, minimizing damage.
•Common policy and security management—A common policy and security management platform
simplifies control and administration, and reduces operational expense.