033
ENTERPRISE SECURITY BLUEPRINT
CONTROL LAYER
02
Control Layer Summary
The role of the SDP architecture Control Layer is to generate and deploy protections to the
Enforcement Layer. These protections include Threat Prevention, Access Control and Data
Protection.
By systematically mapping these protective controls to the risk associated with each segment
and its assets, an enterprise can implement a robust multi-layer protection against any type
of attack, including APTs.
To develop the appropriate protections, the Control Layer relies on repositories of data
that include knowledge of the organization and its information systems (Access Control),
knowledge of threats (Threat Prevention), and knowledge of data assets and their
classifications (Data Protection).
Finally, it is also critical for today’s enterprises to perform a risk analysis of each segment,
map the assessed risks to relevant security controls and then analyze interaction paths to
maximize protection coverage at each enforcement point.
