A while ago the phrase "Self-Defending Network" was popularized by Cisco.  I am not sure why I do not hear this phrase often. What's up with that?

Here are reasons why Self-Defending Network is a far-fetched idea:

1. Security is not just technology alone. Security is people, security is process, security is technology.

2. The threats are evolving and moving up the stack. The motive of hackers is financial gain, not ego display as in the past. The exploits are very focused & covert vs. widespread & ostentatious. It is hard for Self-Defending network to identify distinguish a focused & covert traffic from a normal traffic.

3. Network is an ecosystem of software and hardware from multitude of vendors. A Self-Defending Network cannot keep a tab on the vulnerabilities across the board.

4. Number of vulnerabilities is not finite. The permutations and combinations of vulnerabilities add more complexity. Self-Defending Network cannot keep a tab on all those.

5. The components (Firewall, IPS, NAC Et. Al.) of Self-Defending network should evolve synchronously in order to inter-operate and still be effective which is less than likely.

6. Self-Defending network cannot understand your business systems and prioritize risks.

7. Self-Defending Network cannot provide physical security to itself.

and many more..

Building and maintaining a network which can shield network from threats that you perceive as risks to business [within the limits of your budget] is practical.

At RSA 2007 compliance phrases were flying all over, Real-time Compliance, Continuous Compliance, Sustainable Compliance, ad-nauseum. The famous McAfee party was my savior, I downed few glasses of wine and that helped me regain my orientation. Riding back home on the cal-train I was wondering if customers buy vendor phrase or real solution that address their concern. The vendor phrase seems to be an eternal winner.