Layered? As in remove all data, bury it in a deep hole, surround it with concrete, reinforce that with rebar, surround it with razor wire, stake out dobermans and pit bulls, don't feed the dogs? That kind of layering? :)
Acidus wrote:
That's quite an image, isn't it? It's ISS CEO Tom Noonan holding a silver bullet, announcing the Proventia IPS product in the October 2003 issue of ISS' Connect magazine. Raise your hand if you think IPS or anything else ISS has produced is a silver bullet. No takers? I don't mention this to criticize ISS, specifically. Rather, I'd like to emphasize the importance of proper frames of reference when considering security.
HAHA! I've enjoyed Richard Bejtlich's humor for a while now, but this was too good not to post. Kidding aside, Richard raises a good point that nothing in security is a silver bullet. Not an application, not a WAF, not WebInspect, not security as a service, nothing. Security must be layered, composed of many and varied products and defenses. Anyone who says otherwise is a charlatan.
RE: Silver Bullets and the Network Werewolves