Storm clouds gather and there is unrest in the land; thieves wander the highway with impunity, monsters hide in every tree along the road, and wizards cast spells while handing travelers amulets for their protection. Believing in the power of the talismans, our hero strides forth, wrapped in his magical invincibility, confident he will be the master of any threat he encounters.
Our hero, however, has been deceived. The pratings of amulet peddlers were repeated endlessly by the untutored peasants around him, but he will soon discover that incantations and alchemy are poor substitutes for a real suit of armor, a sturdy sword by his side, and a good plan in his head.
Although this might seem like the start of a fantasy novel, it parallels the state of today’s computer security.
The problem is not in the quality of the solutions we use to protect our computers; truly, many of today’s security offerings are nothing short of wondrous, developed by dedicated, experienced, and uncommonly talented people. Yet when we look at the overall state of security, the achievements resemble misdirection and magic more than a responsible and effective strategy.
What we need is a new security strategy that makes better use of our current tools and guides the development of new ones. The alchemists and apothecaries of old made many valuable discoveries in chemistry and medicine, but their insights proved effective only when modern ...