Approaching Zero

Many in security fear the zero-day vulnerability, for how can we protect against a vulnerability if we don't know what the vulnerability is? Sure, we can implement defense-in-depth, redundancy, and enforce the minimum privilege principle, but at the end of the day, how do we know that we've done enough?