The state of the [security] industry

The thought leaders in security have come to realize that even strong defenses are penetrable. They understand that in spite of the millions of dollars spent and their best efforts, that enterprises are already compromised and will continue to be compromised for the foreseeable future and that all of the vendor and marketing claims and promises are not about to change that very cold and stark reality. If anything, the increasing complexity of technology has increased the ease with which easy-to-use advanced threats can impact enterprise business environments with little care for their state of compliance with meaningless regulatory mandates. While expecting perfect protection is a failed strategy, many on the leading edge are learning to operate in environments they suspect of being partially compromised and increasingly focus their efforts on the ability to understand incident scope, impact and validate cleanup. -- Amit Yoran, CEO of NetWitness
The entire article is full of insightful comments by many key players in the information security space. Absolutely worth the 5-10 minutes it will take you to read it, even if you find yourself disagreeing with some of the opinions.

Src: The state of the industry | SC Magazine US

No comments: