From the “Should we have to say this” department: Security firms ‘overstate hackers’ abilities to boost sales’

In a recent speech at the Usenix Enigma security conference, the technical director of the UK’s National Cyber Security Centre, Dr. Ian Levy, stated that security companies are overstating the abilities of malicious attackers.  To anyone who has

  1. worked in the security world for any significant amount of time and
  2. has ever met a sales person

this should not be surprising news.  Not only do vendors like to sell their “magic bullet” for security, many also sell the “boogieman” of the über 1337 hacker.  With such skilled and relentless attackers, you would be crazy not to buy their product or service.

There are some amazingly skilled hackers in the world, and virtually nothing will stop them cold, certainly not a single product.  Real security is based on a layered security architecture (aka Defense in Depth), with multiple products, procedures, and processes, each mitigating the shortcomings of the other layers.

How many layers?  That really depends on the classification of the data you are trying to protect, not the boogieman that you are being sold.

For more on the story, check out the BBC story.