Defense in Depth is Broken – It’s Time to Rethink Cybersecurity
The illusion of security: Why stacked defenses still leave you exposed. Mike Wiacek, founder of Stairwell, breaks down why traditional defense-in-depth strategies fail and what security teams must do to truly outsmart attackers.
For decades, defense in depth has been the guiding philosophy of cybersecurity. The idea is simple: Stack multiple security layers to create a strong, redundant defense. If an attacker bypasses one layer, another should stop them.
It sounds logical, but the way most organizations implement defense in depth is fundamentally flawed. Rather than a series of reinforcing layers, what we actually have is a collection of security products sitting adjacent to each other, leaving critical gaps that sophisticated attackers exploit with ease.
The Jenga Illusion of Security
One of the best ways to visualize this problem is with a Jenga tower. From one angle, it looks like a solid structure. But turn it slightly, and you see empty spaces between the blocks. This is exactly how most security programs work.
From an internal perspective, companies see a wall of security: Firewalls, proxies, EDR and SIEM. It looks impenetrable. But from an attacker’s point of view, they see gaps everywhere — opportunities to move laterally, evade detection and exploit weaknesses that security teams don’t even realize exist.
The reason? Most security strategies are built to satisfy compliance requirements, not to stop attackers.
Compliance is Not Security
Too often, organizations equate compliance with protection. If they check the boxes for SOC 2, PCI and NIST, they assume they are secure. But compliance only guarantees that basic security measures are in place — it doesn’t stop sophisticated adversaries.
Attackers don’t care if your company is compliant. They study how security tools work, reverse-engineer EDR solutions and design attacks that slip through the cracks of well-documented defenses.
Most companies are playing by the rules, while attackers look for ways to break them.
Cybersecurity is a Data Search Problem
The fundamental challenge in cybersecurity is not just detection — it’s visibility. Most security teams operate reactively, analyzing logs, chasing alerts and trying to reconstruct events after the damage is done.
This approach is broken for two key reasons:
- Logs are incomplete – They tell you what happened, but not what was missed.
- EDR is reactive – It flags known threats but struggles with novel attacks.
If a security team is only looking at logs, it’s like investigating a crime scene after all the physical evidence has been swept away. Defenders need more than observations of what happened; they need the complete picture, which only comprehensive historical visibility can provide. That means going beyond metadata to the actual files, scripts and executables adversaries use during their operations.
AI: A Rising Tide for Attackers and Defenders
AI is already reshaping cybersecurity, but let’s be honest — no one truly knows where this is going. Anyone claiming they have a definitive answer on AI’s future impact is guessing.
What we do know is that attackers will use AI to evade detection, generate polymorphic malware and automate attacks. But defenders can also harness AI to process massive datasets, detect anomalies, and predict threats before they escalate.
AI is a rising tide. It will lift both attackers and defenders — but those who fail to adapt will be left underwater.
A New Approach to Defense
Security teams need to stop relying on compliance checklists and start thinking like attackers. That means:
- Assume your defenses will fail — build security layers that reinforce each other, not just sit side by side.
- Move beyond logs — collect and analyze all artifacts, not just metadata.
- Use AI intelligently — not as a silver bullet, but as a force multiplier for threat detection and response.
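A small illustration of the logs-versus-artifacts distinction made in the “Data Search Problem” section and in the “move beyond logs” point above, added here as an example and not Stairwell’s own code: a content-addressed store that preserves the bytes of every executable seen, so that a newly received indicator can be run against history rather than only against what the logs recorded. All hosts, paths, timestamps and the marker bytes are constructed sample data.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Sighting:
    sha256: str
    host: str
    path: str
    seen: str  # ISO-8601 timestamp of when the file was observed

@dataclass
class ArtifactStore:
    """Preserves the bytes of every executable seen, not just its metadata."""
    blobs: dict = field(default_factory=dict)      # sha256 -> file contents
    sightings: list = field(default_factory=list)  # every host/path/time a hash appeared

    def ingest(self, host, path, data, seen):
        digest = hashlib.sha256(data).hexdigest()
        self.blobs.setdefault(digest, data)  # deduplicated by content
        self.sightings.append(Sighting(digest, host, path, seen))
        return digest

    def hunt_hash(self, digest):
        """The question a metadata-only log can answer: where did this exact hash appear?"""
        return [s for s in self.sightings if s.sha256 == digest]

    def hunt_content(self, pattern):
        """The question only preserved artifacts can answer: which files, on which hosts,
        contain this byte pattern, even if their hash was never on any list?"""
        matching = {d for d, data in self.blobs.items() if pattern in data}
        return [s for s in self.sightings if s.sha256 in matching]

def build_sample_store():
    """Constructed sample corpus standing in for months of endpoint collection."""
    store = ArtifactStore()
    store.ingest("ws-01", "C:/Users/a/update.exe", b"MZ\x90\x00benign-updater-3.1", "2025-01-03T08:00:00Z")
    store.ingest("ws-07", "C:/Temp/svc.exe", b"MZ\x90\x00EXAMPLE_MARKER-v1", "2025-01-10T21:14:00Z")
    store.ingest("srv-02", "C:/ProgramData/svc.exe", b"MZ\x90\x00EXAMPLE_MARKER-v2", "2025-02-02T03:40:00Z")
    return store

def retrohunt(store, known_hash=None, pattern=None):
    """Run a newly received indicator against everything seen historically; return affected hosts."""
    hits = []
    if known_hash:
        hits += store.hunt_hash(known_hash)
    if pattern:
        hits += store.hunt_content(pattern)
    return sorted({s.host for s in hits})
```

A hash indicator derived from the first sample finds only that sample, while a content hunt over the preserved files also surfaces the later variant whose hash was never on any list.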
Security teams need to rethink how they collect, store and analyze data to close the visibility gaps attackers exploit. At Stairwell, we collect and preserve all executable files, scripts and binaries — so security teams can search, analyze, and detect threats that would otherwise go unnoticed.
So, ask yourself: Are you seeing your security program through your own perspective or the attacker’s eyes? If it’s the former, it’s time for a new approach.