The Ashimmy Blog

That seems to be what Robert McMillan is saying over on ComputerWorld. His article “Update: Security industry faces attacks it cannot stop” states that “despite billions of dollars in security spending, it's still surprisingly hard to keep corporate networks safe.”  Fresh off RSA, McMillan laments that botnets like Mariposa and attacks types such as APT (I know you are sick of hearing that term already) make the security industry powerless to protect our networks and information.

He goes on to say that endpoint anti-malware is just not capable of providing blanket, complete protection and frankly neither is anything else.

So does this mean that as an industry we have failed? I say no! 100% security is a pipedream. If anyone is seriously telling you that their product or service can deliver that they are a snake oil salesman. If you as a security exec or administrator are trying to architect that, you are doing a disservice to yourself and your organization.

Security is about managing risk. You can never eliminate the risk, you can just make it less likely to occur. But doing that is more than just throwing dollars and the latest fancy anti-APT stuff at it (now there is a new category of security devices waiting to happen).

Good security is about having process and procedures in place. Among those should be incident response. Part of good security is planning for a breach or incident. You cannot stop everything, it is going to happen. As important as trying to stop an incident is how you handle when an incident occurs.

Maybe if we gave as much thought and put as many resources into incident response as we do into trying to build a “bullet-proof” shield, we would have an overall better security profile and not feel like a failure every time an incident occurred.

Related articles by Zemanta

• The ugly truth: Security vendors can't solve many threats (infoworld.com)
• Update: Security industry faces attacks it cannot stop (computerworld.com)