3.5. Mitigation Techniques
First Principle: Mitigation is about reducing risk to an acceptable level, not eliminating it entirely. No single technique stops all attacks, which is why defense in depth layers multiple mitigations. Think of your immune system: it doesn't rely on one defense mechanism; it uses skin (barrier), white blood cells (detection and response), fever (environmental control), and antibodies (targeted response) working together.
What fails without systematic mitigation? Individual controls work in isolation but leave gaps between them. An organization with great perimeter security but no internal segmentation will be devastated once an attacker gets past the perimeter: they can move freely through the entire network. Mitigation planning ensures that when (not if) one layer fails, the next layer catches the attack.
Unlike detecting attacks (reactive), mitigation is about creating conditions where attacks either fail outright or cause minimal damage. The best mitigations make exploitation difficult, limit blast radius when exploitation succeeds, and enable rapid recovery.
