
The Diet Pill Security Model

The information security industry, lacking social inhibitions, generally rolls its eyes at anything remotely hinting to be a “silver bullet” for security. Despite that obvious hint, marketing teams remain undeterred in labeling their company’s upcoming widget as the savior from the next security threat (or the last one—depending on what’s in the news today).

I’ve joked in the past that the very concept of a silver bullet is patently wrong—as if silver would make a difference. No, the silver bullet must, in fact, be water. After all, chucking a bucket of water on a compromised server is guaranteed to stop the attacker dead in their tracks.

Bad jokes aside, the fundamental problem with InfoSec has less to do with the technology being proposed or deployed to prevent this or that class of threat, and more to do with the lack of buyers willing to change their broken security practices to complement their new technology investment.

Too many security buyers are effectively looking for the diet pill solution. Rather than adjusting internal processes and dropping bad practices, there is eternal hope that the magical security solution will fix all ills and the business can continue to binge on deep-fried Mars bars and New York Cheesecakes.

As they say, “hope springs eternal”.

Just as a medical doctor’s first-line advice is to exercise more and eat healthily, our corresponding security advice is to harden your systems and keep up to date with patching.

Expecting the next diet pill solution to cure all your security ills is ludicrous. Get the basics done right, get them right all the time, and only then expand from there.

By Gunter Ollmann, CTO, Security (Cloud and Enterprise) at Microsoft
