1. Both can be bypassed by smart attackers who know they’re being profiled.
2. Both have moderate success in catching less-dedicated attackers.
3. You shouldn’t think either is a defense by itself.
4. Despite their weaknesses, they are still an essential part of a security program.

In other words, both security layers are worthwhile, but they both also become dangerous when their effectiveness is overestimated. ::