The loser's game is the security practice that's primarily oriented toward telling people what they can't do. If you're primarily a "denier", you're playing the losing game.
Prevention eventually fails. Breaches are inevitable, given persistent and motivated attackers. Defenders need to be focused on:
- Time to detection.
- Time to containment.
- Properly scoped remediation.
- Controls that focus on slowing down the attacker's movement to the target, increasing the defender's time to detect attacker activity and orient themselves toward containment and remediation.