The security industry tends to develop and implement new protection strategies in a very linear way (e.g. if the attacker beats two-factor authentication, introduce another element and make it three-factor authentication, etc.). In fact, one of the core mantra’s of security is “defense in depth” – i.e. keep on adding layers of protection to cover the full spectrum of threat. The net result of all this is that most defenses are complex – complex to manage and complex to use.
At the Frequency X blog.
[ Read more ]