As with all things in life, the focus on how to conduct enterprise security ebbs and flows between varying degrees of reactivity and proactivity. In the old school Security 1.0 world, where the focus was almost completely on network security, efforts were in general proactive in nature with firewalls and anti-malware seeking to prevent threats before they even occurred. This didn't work so well and so Security 2.0 focused on reactivity, wrapping things like encryption around the data so that even if a breach occurred, the loss would be mitigated. Yet breaches, and losses, continue to occur. So if primarily proactive security doesn't work, and if primarily reactive security also doesn't work, how then do we find the right balance between the two to find a security posture that does work?
Takeaways: