Glad you liked it!

Glad you liked it

Glad it was helpful!

Thanks for liking

Very good feedback indeed 👍 👍 👍

Actually the point was related to layered security model that is also use in defense in depth. can you please tell me what was the reason ransomware attacks are so much successful these days what is defense in depth is doing to stop ransomware attack ? have you ever handled any spear phishing attacks ? two factor authentication bypass ? password sprays , Webshells , incase you are not much aware of such attacks then defense is depth is dead here, Also how zero days are catered by defence in depht ? any idea about Supply chain attacks why defence is depth cant help you against Log4j vulnerability ? why solar wind Orion update was compromised by a legitimate certificate and malware dll why defense and depth IDS IPS cannot able to detect that attack for months to C&C domains ? please shed some insights ?

@@cookiemaster1049 I guess to speak on security you cannot be blinded by attacker mindset only, real protection comes when you understand security management is not just about security jargons or attacks vectors you mentioned. Defense in depth is a principle it's not a rule or exe that you can run on any sys and it will give you defense in depth/breadth. It's a mindset which you cannot have or gained if you have attacker only mindset. Infact most people would not know what difference between defense in depth vs breadth. Secure architecture like zero trust model of real existence or proof of defense in depth also micro or nano segmentation are part of modern networks secure design. Do you have examples or case study where these attacks failed? Did of all N number of systems that were attacked ...were all breached. ? Those that were not compromised you have a root cause of data. Seeing a glass half full or half empty but you need to have certain cognitive and analytical intelligence to debate the topic without bias and incomplete data. All you assumed that all systems are green day, means ripped for attack and compromise ..you have no idea how secure systems are designed and engineered...it's just like saying of that bullet proof jacked failed one time out 1000...let's throw out protection features of jacket all together. Are all MFA insecure are they inherently insecure or were deployed as insecure? At time of heartbleed there were companies who had customized ssl libraries and we're safe from breach? You know why and what promoted to change these libs?

Check video description

Thanks for the feedback. Defense on depth is certainly necessary but if it is not configured well then it might provide a false sense of security. Thanks for your valuable comments.

its just an example for example using keygen to crack office 2016 ,this is quite norm in each organization and i found AV report such incidents and usually system admins are found doing such activities . crackers and Free vpns , torrents and even Crypto mining is practices by employees in companies.

@@cookiemaster1049 normal and secure are two different things...like I have worked in organizations where the CD/DVD plus USB slots were removed from all workstations. It's about level of risk you are willing to accept..and for that risk you have to pay the price. Keygen etc is norm but there are dozens of control to pervent such practice..supply chain can be secure through IT auditing software that keep check on licensing misuse and asset management. But if your admin are involved in same game then whom is to blame?