In yesterday's Cnet news, an article was posted titled "The future of malware: Trojan Horses". It highlights how easy it is for cybercrooks to fly in under the enterprise's firewall and virus scanners by simply attaching an infected MS Office document to the email. The user clicks on the attachment, the malware is released and the enterprise is at medium to high risk dependant upon what the malware will do. Further, the article stated that only four antivrus softwares detect one type of attack that was first spotted months ago.
Bottom line: Don't expect your firewall and outer defences to defend the enterprise. Like the old castles built in the medieval days, you need to have a series of defences with the strongest being at the center. In enterprises, the walls need to be built using identity defences. As the identity gets closer and closer towards high risk systems, networks, buildings, rooms, applications and information, the authentication requirements must be increasingly stronger.
Build a layered identity defense using stronger authentication or....you'll be sorry.
del.icio.us