When it comes to securing the enterprise, the attackers have the advantage. Defenders are required to protect against every conceivable threat while the attacker needs only a single attack vector to penetrate a network.

The universe of potential intrusion vectors is vast: faulty authentication mechanisms, gaps in the perimeter network, legacy applications, and, of course, human behavior are just a few examples. Unfortunately, enterprise security teams tend to focus on a handful of information security domains: