There’s an old saying in security: “Attackers only have to be right once; defenders have to be right every time”. We call this “the Defender’s Dilemma”, and many organizations have built their entire security programs around it. But the Defender’s Dilemma is based on a very narrow slice of the attack lifecycle: the initial point of entry. When you look at the full scope of both the attacker’s and the defender’s activity, you see that the assumptions underlying the Defender’s Dilemma are misleading at best, and often entirely wrong. In this presentation, we’ll examine each of those assumptions and demonstrate that they are untrue. In fact, defenders have many advantages that they often fail to realize, and by exploiting them we can create a beneficial situation known as “the Attacker’s Dilemma”.
By the end of this session, attendees will not only realize the fundamental untruths of the Defender’s Dilemma and their negative impacts on security, but also understand how the Attacker’s Dilemma can increase morale, raise attackers’ costs, and improve the security posture of their organizations.