> If an attacker is capable of installing apps on your server... you've already lost.
That is a deep misunderstanding of how security works.
The defender’s dilemma states that breaches are inevitable because defenders have to be right 100% of the time whereas attackers only have to be right once. This is why you have to defend in as many layers as possible.
A better way to approach it is to assume that at any given time an attacker can execute code on your systems (because they have knowledge and access to unreleased exploits) and work on ways to detect anomalies and behaviors indicative of compromise as well as limiting the blast radius.
That is a deep misunderstanding of how security works.
The defender’s dilemma states that breaches are inevitable because defenders have to be right 100% of the time whereas attackers only have to be right once. This is why you have to defend in as many layers as possible.
A better way to approach it is to assume that at any given time an attacker can execute code on your systems (because they have knowledge and access to unreleased exploits) and work on ways to detect anomalies and behaviors indicative of compromise as well as limiting the blast radius.