Justification
I make the assumption that there is always another entry vector--do you? Given that assumption, here are the only options I see (the other options seem like such a farce).
Options
- decompose systems so that compromise of any one component presents minimal risk (i.e. least privilege, mandatory access control, semantic containment)
- deploy (active) detection-response systems capable of detecting previously unknown attacks, responding to them, and ultimately mitigating some of the risk from new vulnerabilities
Implications
The former option really implies that if you *know* something should never happen, then configure/modify the system so it cannot happen. As an aside, patching only accomplishes this to a limited degree, since it only fixes the things we know are a problem (not the broader set of things we know should never happen), and we still probably can't patch fast enough.
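An added illustration of that first option, written for this note and not taken from the original: a hypothetical untrusted parser component is decomposed out of the privileged parent into a forked child. The property "the parser never opens a file" is something we *know* should hold, so rather than trusting the parser code (which here has a constructed flaw that tries to read a secret), the child lowers RLIMIT_NOFILE to 0 before running it and the kernel makes the read impossible. The names `parse_untrusted`, `run_in_child` and `demo`, the sample input and the throwaway secret file are all assumptions of this example; it assumes Python 3 on Linux or macOS (the `resource` and `os.fork` APIs).

```python
"""Prevention by construction: a known-forbidden operation made impossible
in the untrusted component instead of merely patched or detected.
Example code written for this note; not the original author's."""
import json
import os
import resource
import tempfile


def parse_untrusted(blob: bytes, secret_path: str) -> dict:
    """Stand-in for a parser component handling attacker-controlled input.

    Constructed for the example: its 'unknown' flaw is that it also tries to
    read a file it has no legitimate reason to touch (think exfiltration
    through a parser bug). It reports whether that read succeeded.
    """
    try:
        with open(secret_path, "rb") as f:
            f.read(16)
        side_effect = "read_ok"
    except OSError as e:
        side_effect = "denied:%d" % e.errno
    return {"fields": blob.decode(errors="replace").split(","),
            "side_effect": side_effect}


def run_in_child(blob: bytes, secret_path: str, contain: bool) -> dict:
    """Run the parser in a forked child and return its result over a pipe.

    With contain=True the child first drops RLIMIT_NOFILE to (0, 0). Already
    open descriptors (the pipe) keep working, but no new file can be opened,
    so "the parser never opens a file" is enforced by the kernel no matter
    what the parser code does. The parent keeps its own privileges and only
    ever receives the parsed structure.
    """
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: the untrusted component
        os.close(r)
        try:
            if contain:
                resource.setrlimit(resource.RLIMIT_NOFILE, (0, 0))
            result = parse_untrusted(blob, secret_path)
        except Exception as e:  # report anything unexpected to the parent
            result = {"error": repr(e)}
        os.write(w, json.dumps(result).encode())
        os._exit(0)
    os.close(w)  # parent: the privileged side
    chunks = []
    while True:
        chunk = os.read(r, 4096)
        if not chunk:
            break
        chunks.append(chunk)
    os.close(r)
    os.waitpid(pid, 0)
    return json.loads(b"".join(chunks))


def demo(contain: bool) -> dict:
    """Create a throwaway 'secret' file (constructed input), run the parser
    against sample input in a child, clean up, and return the child's report."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"not-for-the-parser\n")
    try:
        return run_in_child(b"a,b,c", path, contain)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("unconfined parser:", demo(contain=False)["side_effect"])
    print("confined parser:  ", demo(contain=True)["side_effect"])
```

Run unconfined, the flawed parser reads the secret; run confined, the same code gets an OSError from the kernel and still returns the parsed fields, so the component keeps doing its job while the thing that should never happen cannot. A resource limit is the smallest such mechanism; the same shape applies with seccomp, a MAC policy or a separate uid, and in each case the guarantee comes from the configuration of the component, not from knowing about the specific bug in advance.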