Neil MacDonald

A member of the Gartner Blog Network

VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…

100% Prevention is a Fallacy. Lockdown is a Flawed Strategy

by Neil MacDonald  |  January 25, 2011

I’ve commented before that complete protection is a combination of prevention and detection, and that we’ve been far too focused on the prevention side of the equation, trying to prevent all malware and infections.

We simply cannot stop all of the bad guys. Period. You will be and already have been breached.

One of the areas of research I’ve looked at over the past several years is how the human body and its immune system protect us from known and unknown attacks. The goal of this line of research is not to reproduce the immune system with technology. The goal is to take the lessons from how the immune system works and apply them to information security.

One interesting factoid about the functioning of the human immune system is that, reportedly, humans have ten times more bacteria than human cells, and again in this story, the claim is 20x! Some are actually quite beneficial to the host environment. Doesn’t this sound like most of our IT infrastructures today, where the number of unofficial applications, plugins, etc. far outnumbers the officially supported ones? These aren’t necessarily bad – in most cases, end-users are best positioned to understand the ways they need to extend their workspace to get their jobs done.

Trying to prevent all unknown [bacteria/viruses in life]/[code/applications/plugins in IT] has never been a workable strategy (think “boy in the plastic bubble”). We can’t do it in real life, so why should we expect to achieve this in our own infrastructure? Further, we’ve evolved our immune system to allow us to continue to function in the midst of all of this unknown code – some of which may represent a threat, some of which does not.

As human beings, we are continually breached. All of the time. Yet we continue to function quite well in most cases. Why can’t IT?

Does that mean we shouldn’t apply any efforts to prevention? Not at all. I’d say it differently:

Prevent what we should and detect leakage, damage and loss if it occurs.

The rest? Just let it go.

Perhaps this is the better strategy for information security moving forward?


Category: Beyond Anti-Virus Next-generation Security Infrastructure Virtualization Security