Gartner Blog Network

100% Prevention is a Fallacy. Lockdown is a Flawed Strategy

by Neil MacDonald  |  January 25, 2011  |  Comments Off on 100% Prevention is a Fallacy. Lockdown is a Flawed Strategy

I’ve commented before that complete protection is a combination of prevention and detection and that we’ve been far too focused on the prevention side of the equation trying to prevent all malware and infections.

We simply cannot stop all of the bad guys. Period. You will be and already have been breached.

One of the areas of research I’ve looked at over the past several years is how the human body and how the immune system protects us from known and unknown attacks. The goal of this line of research is not to reproduce the immune system with technology. The goal is to take the lessons from how the immune system works and apply these to information security.

One interesting factoid about the functioning of the human immune system is that, reportedly, humans have ten times more bacteria than human cells and again in this story, the claim is 20x! Some are actually quite beneficial to the host environment. Doesn’t this sound like most of our IT infrastructures today where the number of unofficial applications/plugins etc far outnumbers the officially supported ones? These aren’t necessarily bad – in most cases, end-users are best positioned to understand the ways they need to extend their workspace to get their jobs done.

Trying to prevent all unknown [bacteria/viruses in life]/[code/applications/plugins in IT] has never been a workable strategy (think “boy in the plastic bubble”). We can’t do it in real life, why should we expect to achieve this in our own infrastructure?Further, we’ve evolved our immune system to allow us to continue to function in the midst of all of this unknown code – some of which may represent a threat, some that does not.

As human beings, we are continually breached. All of the time. Yet we continue to function quite well in most cases. Why can’t IT?

Does that mean we shouldn’t apply any efforts to prevention? Not at all. I’d say it differently:

Prevent what we should and detect leakage, damage and loss if it occurs.

The rest? Just let it go.

Perhaps this is the better strategy for information security moving forward?

Category: beyond-anti-virus  next-generation-security-infrastructure  virtualization-security  

Tags: adaptive-security-infrastucture  beyond-anti-virus  defense-in-depth  next-generation-security-infrastructure  reducing-complexity  virtualization-security  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.