In the infosec world we continually preach about “defense in depth,” or layered security. The idea is that if a defensive measure at one layer fails, there are additional layers behind it that serve as a safety net. An interesting application of these concepts comes in examining the data feeds that provide information to our security tools. If one of the feeds goes down, will our security tooling continue to work as expected?