> I am continually frustrated by the number of people who claim that protection is worthless if it's potentially circumventable. In most situations, covering 90% of attacks is still worthwhile
People are saying that because it's misguided and potentially harmful.
Doing so is security theater, where the solution is scoped down to something incomplete but easier, and then everyone walks away happy they solved 90% of the smaller problem they chose to attempt.
Particularly with things like data exfiltration, this is potentially harmful because then you've organizationally blinded yourself.
Nobody wants to poke holes in their own solution, and so they stop looking.
But, hey, we're catching the odd employee accidentally sharing confidential documents via OneDrive.
Fast forward a year, and an entire DB gets transferred out via an unknown vector, nobody finds out about it for a couple months, and it's all "Oh! How did this happen? We had monitoring in place."
Go big, or run the risk of putting blinders on yourself.
The way I'm reading this, your attitude seems to be "if you can't stop targeted nation state actions you might as well not bother with network security and just run unencrypted wifi everywhere."
Network security is a balancing act between prevention, detection, needed user and network capabilities and cost. If I have unlimited money or no limitations on hindering network usage I can make a 100% secure network - it's not even that expensive, just unplug it all.
People are saying that because it's misguided and potentially harmful.
Doing so is security theater, where the solution is scoped down to something incomplete but easier, and then everyone walks away happy they solved 90% of the smaller problem they chose to attempt.
Particularly with things like data exfiltration, this is potentially harmful because then you've organizationally blinded yourself.
Nobody wants to poke holes in their own solution, and so they stop looking.
But, hey, we're catching the odd employee accidentally sharing confidential documents via OneDrive.
Fast forward a year, and an entire DB gets transferred out via an unknown vector, nobody finds out about it for a couple months, and it's all "Oh! How did this happen? We had monitoring in place."
Go big, or run the risk of putting blinders on yourself.