We are waaaaaay too focused on the prevention component and woefully inadequate on the detection component of this equation.
We overspend on increasingly ineffective prevention technologies — network and host based firewalls, intrusion prevention systems and antivirus technologies in a futile attempt to prevent all infections.
Zero infections is a fallacy. It is simply not possible, and getting harder.
We will be infected, we will be compromised. Targeted attacks will bypass our protection mechanisms.
Knowing this, do we give up on prevention? Of course not. But perhaps we need to revisit our budget priorities and allocations for 2011.
We absolutely must beef up our detection capabilities – activity monitoring, behavioral monitoring, configuration drift, file integrity monitoring and so on.
Ask yourself: “If I was compromised with a targeted attack where no signature was available, how would I know?”.
Complete protection requires both investments in both prevention and detection. We have been too lopsided in our investments for too long.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.