- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Don’t Just Patch, Protect!
- Abstract
- There is a tragedy in our information security world that is being ignored. External attacks on corporate resources continue to gain the attention of the media. Why? Because they are sensational, the things movies are made of. But study after study continues to show that internal attacks make up a larger percentage both in incidences and cost. Why has nothing changed? Mostly because security analysts all over the world still continue to look at security infrastructure in a traditional manner. The basic approach has not changed since the birth of the firewall; segment the network, create security zones and monitor traffic between security zones. Then install antivirus, patch the system, then sit back and pray.