> Runtime security can be implemented through monitoring

Sometimes a response engine is good enough for your use cases, but in an ideal scenario where there are predefined events that you know should not occur, like some user-uploaded file being executed, there would be some form of prevention instead of automated incident response. Even a quick response has potential for impact during the delay.
E.g., a write to a database that slips through in a sub-second gap can widen exposure significantly if it is done tactically enough, such as adding new admin rights to a login for a web application.