Perimeter defense is a lost battle. Like old generals, we're still fighting the last war, in which our network was a castle with impregnable walls, a well-defined entry point across the drawbridge (head-end router), portcullis (firewall) and guards (IDS). Today's infosec paradigm is submarine warfare. Attacks can come from anywhere, at any time. There's no well-defined perimeter, and it's often difficult to tell friend from foe. Defenses should focus on hardened, well-protected assets--not bigger, stronger fences. Stealth, intelligence gathering and deception play increasingly critical roles in enterprise security.

We have failed to adapt to the rapid changes in technology that have fundamentally altered the battle we're fighting. Instead, we continue to spend money on point solutions to counter the latest attacks. We need a fundamental change in thinking--not just more layers of firewalls, IDSes and network components. We're simply fueling an infosec arms race, in which the only victors are the arms suppliers.