
PenTales: Pentest Shows Why Defense-In-Depth Is Critical

Rapid7, Wednesday, July 30th, 2025

When we talk about cybersecurity, much of the focus tends to center on keeping attackers out: blocking unauthorized access, hardening perimeter defenses, and protecting login credentials. These are all important protections, but what happens once someone is inside the system, even with legitimate access?

This is why we need defense-in-depth. Defense-in-depth is a cybersecurity strategy that employs multiple layers of security controls to protect an organization's assets, systems, and data, so that if one security control fails, others can thwart the attack or minimize the impact.

This blog post highlights where many applications fall short: just because a user is authenticated doesn't mean they should be completely trusted or have free rein. During a recent penetration test, we encountered a real-world example that highlights how impactful these issues can be, especially in sensitive environments like healthcare.
