by shawnreilly
4379 days ago
I've always viewed security as a layered approach. The more layers you add, the better protected you are. I subscribe to the thought that nothing is 100% secure, so I would recommend putting in as many layers as possible. In my opinion, the issue you should be concerned about is the effectiveness of whatever solutions (layers) you implement. I think it is being accepted by the industry that detection and prevention methodologies based on predefined data (signatures, rules, etc.) are only as strong as said predefined data. In layman's terms, it will probably protect you from most unsophisticated attackers, but that's it. Today's most sophisticated attacks are one-off (0day) and/or custom, so they probably won't be defined. In this regard, some of the newer generation security solutions are developing / using smarter detection and protection methodologies (real time adaptive models vice defined positive and / or negative models). I don't mean to paint a negative picture, but I am trying to illustrate the importance of multiple layers. ModSecurity seems to be the preferred open source solution with a more active community than the rest. But Intel and Oracle also have some interesting solutions in this space.
A proper threat and risk analysis should be done so you can have a cost-effective solution. Security is expensive and maybe the cost of a breach is way cheaper than the security appliance or experts you hire.
Sometimes the best security solution is not to have anything, because it doesn't really matter.