Security Industry Faces Attacks It Can't Stop

itwbennett writes "The takedown of the Mariposa botnet and so-called advanced persistent threat attacks, such as the one that compromised Google systems in early December, were hot topics at the RSA conference last week. What both Mariposa and the Google attacks illustrate, and what went largely unsaid at RSA, was that the security industry has failed to protect paying customers from some of today's most pernicious threats, writes Robert McMillan. Traditional security products are simply not much help, said Alex Stamos, a partner with Isec Partners, one of the companies investigating the APT attacks. 'All of the victims we've worked with had perfectly installed antivirus,' he said. 'They all had intrusion detection systems and several had Web proxies scan content.'"

News Report: The Sky Is Blue

[bobdehnhardt]

No security is perfect, never has been, never will be.

And security isn't static. The attacks keep changing; defenses need to change to meet the attack. That means the defenses are reactive - they lag behind the attacks. That means the attacks will always work, at least for a little while, longer against companies and technologies that don't keep up.

Gee, I should become an industry analyst. I can state the obvious with the best of 'em.