Multi-layered security is like a strong NFL defense

By Phil Wandrei

You can feel the excitement! National Football League season is underway. The best part is it is still early in the season, and every team has a chance for the playoffs, at least mathematically. 

Except for my team. Their defense has been terrible. After watching my team lose because of poor defense again, and don’t get me started on our kicking game, it got me thinking about what is needed for a strong defense?  A strong defense needs to be good at multiple levels, from coaching to all 11 players on the field. You need a balanced defense to be successful, or the offense will exploit the weaknesses. In many ways, multiple layers of security is required for strong ransomware protection and recovery. At Commvault, we provide a multi-layered security framework built on Identify, Protect, Monitor, Respond, and Recover.1

Multi-layered Security Framework

The more I thought about it, the more there are similarities between these five multi-layered security areas and an NFL defense, and here is why: 

It Starts with a Game Plan

The Defensive Coordinator is responsible for the game plan and identifying the tendencies of the opposing offense. The Defensive Coordinator assesses the risk and reward of their play calling, i.e., when to blitz or not. The success or failure often hinges on their decision-making and sets the tone for the game. In multi-layered protection, this is “Identify.” Have you assessed and mitigated the risks in your environment, do you have a strong recovery plan, and have you practiced it? 

Protect your line of scrimmage

The Defensive Line holds the line of scrimmage and attacks whoever has the ball. Their goal is to stop the run by locking down the line of scrimmage and contain the quarterback on passing plays. These beefy players are “Protect” in multi-layered security. You need to lock, harden, and isolate data and your environment from unwanted changes; you need to hold your line of scrimmage. 

Have a strong field of vision

Linebackers must read the offense, make a snap decision if it is run or pass play, and react to it with lightning speed. The position requires versatile skills and athletic abilities. The linebacker of ransomware protection is “Monitor”: scanning the entire environment, determining if suspicious activity is occurring, and reacting quickly through alerts and notifications.

Respond quickly with coordination

Cornerbacks cover receivers downfield and tackle ball carriers which make it past the defensive line and linebackers. They tend to be quick as they isolate and defend against speedy wide receivers and cover much of the field. Cornerbacks are the “Respond” in multi-layered security. Against a threat, you need to respond quickly with coordinated actions and workflows across your entire environment.

Recover is your last line of defense

Safeties are the last line of defense on the field. They help defend against the pass and have to be reliable tacklers as they are the last player preventing a touchdown. In multi-layered security, the safety is “Recover”. In a ransomware attack, you need to recover your data to resume operations quickly. Without Recover, ransomware wins the game!

The risk of a one-dimensional defense

For ransomware protection and recovery, like football, you need a solid and balanced defense. But what if it is not? For example, what if a data protection company only offers zero trust for its ransomware protection? That is one-dimensional, just like a team playing 11 defensive linemen. It is susceptible to other exploits, such as passing plays. By only offering zero-trust, it foregoes the different tools needed for Protect, such as air gaps, network segmentation, and immutability. Also, it completely overlooks the other four layers of security; Identify, Monitor, Respond and Recover. To succeed, you need a balanced defense in football and multi-layered security against ransomware.

Defense wins championships

Both a strong defense and a multi-layered security framework need a  balanced approach. It provides the best coverage to keep the other team from scoring and ruining your day. Learn how Commvault can help you protect against and recover from ransomware at

“In reality, cyberthreat protection requires a multifaceted strategy with tight collaboration between infrastructure and operations (I&O) and security pros. Tech leaders must address all five parts of the National Institute of Standards and Technology (NIST) framework.”

– Forrester

Don’t miss Connections 21 – the industry’s premier hybrid data services event, broadcast live on Oct 28 – to wherever suits you.  Engage with fellow IT leaders from ADP and Amazon Web Services and find out what innovations are coming as we exclusively unveil our portfolio roadmap. 

References– 1 Based on the National Institute of Standards and Technology (NIST) cybersecurity framework. – 2 Forrester, Effective Ransomware Response Requires Coordination Between I&O and Security, by Brent Ellis, Naveen Chhabra, Allie Mellen, Steve Turner with Glenn O’Donnell, Audrey Lynch, Marissa Fritz, September 9, 2021.