With regulatory compliance high on the corporate agenda, standards such as PCI, SOX, HIPPA, etc., require that data be handled securely. Not only do networks need to be secured, but they also must demonstrate security via comprehensive reporting.

Arguably, legislature and governance are constantly playing catch up with the increasingly threatened online world. New standards are an important and positive development, but they often fall short of recommending specific technologies that help maintain a secure digital infrastructure.

Traditional security products have long concentrated on protecting the network perimeter. Although some organizations use firewall technology on their internal networks, it is unfortunately far more common to encounter a lack of security at the network core. Implementing endpoint security is one approach to this gap in defense, but this method can be unwieldy in large networks. Users require different applications so it is unlikely that a single “one size fits all” desktop configuration will be realistic. Multiple desktop configurations and user profiles are the norm and require multiple endpoint security policies.

Before the widespread use of PCs and the Internet, company networks typically ran in isolation using a plethora of proprietary protocols and hardware. This provided security by obscurity.  Hackers and virus writers had to learn about different vulnerabilities for each new target. Their target surface area was limited to the system they were currently focused on. Now, we live in a world where the PC dominates the enterprise and the Internet is an essential part of business life.  However, this uniformity of technology has leveled the playing field for hackers, virus writers and other vagabonds of the information world. 

Some of the best known security applications (e.g. anti-virus) have depended on signature engines to identify threats. Signature engines compare production data to a list of known patterns.  If the signature engine identifies a match, then it alerts or takes some kind of mitigative action.  Signature-based threat identification is very effective for known threats but is limited in identifying the unknown.  This exposes a fundamental weakness in many signature engines.  The workaround is to continually update the list of signatures.  But, there is a noticeable and potentially costly gap, in terms of downtime and extensive infection, while anti-virus struggles to create a suitable signature to identify new threats.  Many viruses and worms are easily disguised so that anti-virus engines cannot detect them until the next signature update.