Favorite Quote about Defense in Depth

rbcarleton

This is a little be off topic, but I came across this gem in the last few days:

“Expense in Depth – the multilayered approach to ensuring minimal return on investment." - Forrester analyst Rick Holland

It comes from a blog post:

http://blogs.forrester.com/rick_holland/12-12-09-expense_in_depth_and_the_trouble_with_the_tribbles

It is the epitome of a check book mentality, or perhaps a call to maximize existing investments? It was written before the Sony incident however. I wonder if Rick Holland has reimagined this article.

JDMurray

Well, let's see if this thread gets more play in the Off-topic forum then.

paul78

Interesting perspective - I actually echo a similar sentiment as the Rick. The funny thing about it is that 2+ years later, I'm not sure that we are any closer to a more holistic model. I think that what the author doesn't really address is that it takes good governance to control technology sprawl. For example, when server virtualization came out - we started to see server sprawl driving up support expenses.

Pupil

Vendors love to market and sell you their shiny state-of-the-art security appliance with nifty flashing lights that they claim will defend you from all attacks including zero-days, APTs, and cyber war. No sir, I do not wish to purchase your snake oil.

colemic

I swear, sometimes TE doesn't show me all the new/unread threads.

It's a good quote, and I agree /Paul, governance is key. Shiny boxes and blinking lights don't provide security, ultimately it's just a monitoring/alerting system. If you don't have good policies/procedures that support security, then all the appliances in the world won't help.