Network security practitioners often look to solve technical problems with technical solutions: “The engineers got us into this mess; they can get us out of it.”
I know what you’re about to say: “It took all of us to get into this mess, and don’t underestimate the importance of physical and administrative controls!” OK, I agree. But maybe they’re still right. Taking everything into account, perhaps technical controls are the most effective path forward.
There are good reasons to conclude they are. After all, on the policy front, things look grim. Consumers have proven unwilling or unable to demand or implement security, yet they eagerly adopt the latest products and services that are sold “as is, and without warranty of any kind.” The results are predictable. Consider botnets, and the 760 million computer infections recorded last year alone. And then there’s the scourge of phishing. Once a malicious email makes it to an inbox, 23 percent of users will open it, and 11 percent will click on the attachment.