Requirements of defensible architecture
At this point, we can define the requirements for defensible architecture. A defensible architecture ensures that adversary activity on a network is visible and survivable, and that defenders have actionable options. It helps to reconsider the four objectives of incident response, as discussed in Chapter 1, How Security Operations Are Changing, and Chapter 2, Incident Response – A Key Capability in Security Operations.
Defensible architecture supports these four objectives primarily through visibility, which helps minimize dwell time and understand motivation and capability. Secondly, defensible architecture is based on measures that make it hard for attackers to perform lateral movement and achieve their objectives, a feature we will call survivability.
Finally, a defensible architecture must enable tactical options for the security team to actively thwart attackers. Tactical options consist...