security silver bullet paradox

We have a problem in the security space.
It is widely touted that marketing and ill-informed managers and non-technical C-levels are looking for silver bullets when it comes to computer security. Most security experts will respond that there is no silver bullet. In fact, we say this a lot even though no one is truly arguing this topic... at least not anyone important or knowledgeable about our industry. We seem to just like saying it amongst each other.
Now, speak to security researchers about wireless security and the use of WEP. Some will get very vehement in saying that WEP is broken and useless and get rather vicious in deriding anyone who says they use WEP for their home wireless network.
See the problem here?
What is disturbing is our ability to completely reject a countermeasure or protection as worthless just because it is not perfect, even though we reject the concept that there is a perfect countermeasure. In the above case, WEP may have holes and be easily broken by someone with the knowledge, but it still has value because it can block a large group of unskilled attackers. IDS may be circumventable and may not catch everything, but it still has value to catch the low-level stuff and mass attacks or worm traffic and such.
We should always be careful not to think there are silver bullets in security, but equally careful not to fully reject bullets that are 25% silver. Every little bit that we can raise the bar for attackers is a little bit more security we will gain.