Time – It’s On the Attackers’ Side
Anup Ghosh, writing a comment on the Securosis blog observed: The fallacy of the logic in monitoring and response is that you can detect the attack that bypassed the tools. If you could, then you would simply update the tools, which is how the security industry works (and failed) by and large. Instead, humans end up detecting artifacts of attacks long after the attack has been successful—after the damage is done—hence the [Incident Response] industry was born that attempts to perpetuate itself by saying you can’t prevent the attack. That’s the most expensive dollar in security you can spend—incident response. [...]