The RSA Conference is just around the corner, and with it, one of the true spectacles of the security industry. If you visit the show floor of exhibitors you will find a seemingly endless sea of security vendors and products stretching in all directions, each one promising to be the critical missing piece to save you from the next attack. It can be exciting, quasi-educational, and more than a little mind numbing all at once.
It's easy to think that attackers have gained an unfair advantage over security professionals. The network perimeter has virtually dissolved, compelling enterprises to simultaneously work to keep the bad guys out while tackling multiple insider threats – naïve employees, malicious insiders, careless third parties, and undetected malware or intruders that have already breached network defenses.
The challenge for security teams today? Legitimate users and activities should not be impeded, but determining what activity to block and what to allow is not always easy.