Cyber security has been a losing game of whac-a-mole for years as the malefactors manage to pop out of new security holes faster than IT and their software suppliers can plug the last batch. The game has also been a costly one for businesses and end users, which have collectively spent billions of dollars on an increasing array of products and annual upgrades to address each new threat category and set of exploits. The flip side being quite lucrative for the security-industrial complex, both established multi-billion dollar firms like Symantec and McAfee (now Intel Security) and startups like Fireeye and Palo Alto Networks, that have racked up multi-billion dollar sales and stock valuations in the past few years. Yet the spending hasn’t prevented a weekly barrage of high-profile security incidents. Indeed, the litany of big corporate hacks — Target, Home Depot, Paypal, et. al. — underscores the need for dramatic changes to security product designs and substantial upgrades to enterprise systems and practices.