Not Having A Comprehensive Security Strategy
Ryan Hamlin, general manager, Access and Security Division, Server and Tools Business at Microsoft
Many companies mistakenly provide what they believe is "good enough" security, such as running antivirus only on the desktop or appliance, or relying on only a single technology at every scanning point in their network. Or they take a "react and patch" approach to security, just addressing problems as they come up with point solutions and fixes. The problem with both of these approaches is that they can expose vulnerabilities, lead to a single point of failure and overtax IT budgets and staff.
The best defense is a strong offense. Companies need to develop a comprehensive, layered defense strategy that identifies the people, processes and technologies required to create and maintain a solid security architecture for their business. This includes deploying security solutions at multiple levels in their infrastructure (for example, across client, server and network edge), utilizing different, complementary technologies that can be intelligently and efficiently managed as one, and having a strong and tested response process in the event the unexpected happens.