1 comment

[ 4.2 ms ] story [ 13.3 ms ] thread
> Runtime security can be implemented through monitoring

Sometimes a response engine is good enough for your use cases, but in an ideal scenario where there are predefined events that you know should not occur, like some user-uploaded file being executed, there would be some form of prevention instead of automated incident response. Even a quick response has potential for impact during the delay.

EG, a write to a database that slips through in a sub-second gap can widen exposure significantly if it is done tactically enough, such as adding new admin rights to a login for a web application.