Enemy 1 & 2: Passwords and Patches

I could not help reading the Security 2.0 posts by Mark Curphey, and I especially liked the Business Activity Monitoring discussion. However, I see two major enemies that cause us pain every day and put organizations at great risk. In my mind, neither of these has been addressed properly.


Enemy #1: Many internal penetration tests obtain admin or root access by guessing passwords.
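The point above is that password guessing succeeds often enough to be the first thing a tester tries, which also makes it one of the easiest things to detect. The following is an added example, not code from the original post: it reads syslog-style sshd authentication lines, flags a source that accumulates a burst of failed password attempts within a short window, and separately flags an accepted login from that same source right after the burst, which is the pattern a successful guess leaves behind. The log lines, hostnames, usernames, addresses and the threshold values are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (hypothetical host, users and addresses).
SAMPLE_LOG = """\
Mar 10 09:00:01 host1 sshd[2201]: Failed password for root from 10.0.0.5 port 51000 ssh2
Mar 10 09:00:03 host1 sshd[2201]: Failed password for root from 10.0.0.5 port 51001 ssh2
Mar 10 09:00:05 host1 sshd[2201]: Failed password for admin from 10.0.0.5 port 51002 ssh2
Mar 10 09:00:07 host1 sshd[2201]: Failed password for root from 10.0.0.5 port 51003 ssh2
Mar 10 09:00:09 host1 sshd[2201]: Failed password for root from 10.0.0.5 port 51004 ssh2
Mar 10 09:00:12 host1 sshd[2201]: Accepted password for root from 10.0.0.5 port 51005 ssh2
Mar 10 09:05:00 host1 sshd[2300]: Failed password for alice from 10.0.0.9 port 52000 ssh2
Mar 10 09:05:30 host1 sshd[2300]: Accepted password for alice from 10.0.0.9 port 52001 ssh2
"""

# Matches the standard OpenSSH "Failed/Accepted password" message format.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(lines, year=2024):
    """Turn raw log lines into (timestamp, source, user, result) tuples.
    Syslog timestamps carry no year, so one is supplied by the caller."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not password auth events
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["user"], m["result"]))
    return events


def detect_guessing(events, threshold=5, window=timedelta(minutes=1)):
    """Return a list of alert dicts.

    kind == "burst": a source produced >= threshold failures inside `window`.
    kind == "success_after_burst": an accepted login from a source that
    still has >= threshold failures inside `window`; this is the signature
    of a guess that eventually worked and deserves an immediate look.
    """
    failures = defaultdict(list)  # source address -> recent failure times
    flagged = set()               # sources already reported as a burst
    alerts = []
    for ts, src, user, result in sorted(events):
        # Drop failures that have aged out of the sliding window.
        failures[src] = [t for t in failures[src] if ts - t <= window]
        if result == "Failed":
            failures[src].append(ts)
            if len(failures[src]) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"kind": "burst", "src": src,
                               "failures": len(failures[src]), "at": ts})
        elif len(failures[src]) >= threshold:
            alerts.append({"kind": "success_after_burst", "src": src,
                           "user": user, "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_guessing(parse(SAMPLE_LOG.splitlines())):
        print(alert)
```

The sliding window is what keeps this useful on a busy host: a single mistyped password from a legitimate user (10.0.0.9 above) never reaches the threshold, while five failures in eight seconds followed by a success from 10.0.0.5 produces both alerts. Tune `threshold` and `window` to the environment, and feed the same events to an account lockout or rate-limiting control so that detection is paired with a mitigation.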

Enemy #2: What do I say? Unpatched systems are an initial point of entry for many attacks, both internal and external. Tools like Metasploit make it even easier.


Of course I’m not throwing out statistics, but I see the results first-hand every week. One can only hope that the Security 2.0 solution addresses the problems with passwords and patches.