Given the booming state of the cybersecurity market, industry rhetoric is at an all-time high. One of the more nonsensical infosec banalities goes something like this: Cybersecurity has always been anchored by incident prevention technologies like AV software, firewalls, and IDS/IPS systems, but sophisticated cyber-adversaries have become extremely adept at circumventing status quo security controls. Therefore, organizations should give up on prevention and focus all their attention on incident detection and response.
Now I certainly get the logic of this platitude. Yes, the bad guys do know how to get around our defenses and organizations should in fact improve their detection and response capabilities. But abandon or minimize incident prevention? Poppycock!