Serious Discussion Which layer of defense contributes the most to your overall security?

I think asking for the major defense technology used only answers the real question partially. The real question is - how do we stop attacks?

Since we can't know of all the attack vectors and 0 days, my approach is to address the methods of obtaining persistence. When the attacker cannot obtain persistence, then her efforts will be in vain. She can land on my box, but she can't do anything.

Use Application Control, that will take care of denying foreign executables. Then take care of interpreters running foreign scripts. Then take care of denying LoLBins. Additionally restrict exe's from running from user writable paths. Just go down the list of Mtre Attack's Persistence column. They are all mitigatable IMHO. That's the game plan to follow.

It is systematic, and addresses all known persistence TTPs in automated malware and hand-on-keyboard adversary attacks..
 
Last edited: