Coming to Grips with Security

IT security has evolved dramatically over the last few decades and as such data-loss prevention software, intrusion-prevention systems, and multifactor authentication have become important for various companies. Rather than focusing on the perimeter system, looking for holes in firewalls and finding unpatched servers, attackers are now focusing on workstations. Neils Provo and his colleagues examined the amount and success rate of drive-by Web-based attacks on URLs randomly chosen from the Google database. Given the sophistication of modern adversaries and the difficulty most enterprises have locking down their workstation environments, our systems are likely to suffer from successful exploits. A matter of concern is that firewalls and antivirus products use the same basic technology they have been using for over a decade, and that the state of the art for defensive security products has not advanced as the threats have changed.