I could not help reading the Security 2.0 posts by Mark Curphey and I especially liked the Business Activity Monitoring discussion. However, I see 2 major enemies that cause us pain every day and put organizations at great risk. In my mind neither of these has been addressed properly.
Enemy #1: Many internal penetration tests obtain admin or root access by guessing passwords.
Enemy #2: What do I say? Unpatched systems are an initial point of entry for many attacks both internally and externally. Tools like Metasploit make it even easier.
Of course, I’m not throwing out statistics, but I see the results firsthand every week. One can only hope that the Security 2.0 solution addresses the problems with passwords and patches.