Question: Time-to-exploitation is the elapsed time between when vulnerability is discovered and when it's exploited. That time has shrunk from months to minutes so IT staff have ever-shorter timeframes to find and fix flaws before being compromised by an attack. Some attacks exist for as little as two hours, which means that enterprise IT security systems must have real-time protection. The Information Security Forum (securityforum.org), a self-help organization that includes many Fortune 100 companies, compiled a list of the top information problems and discovered that nine of the top ten incidents were the result of three factors: Mistakes or human error, Malfunctioning systems, Misunderstanding the effects of adding incompatible software to an existing system. Unfortunately, these factors can often overcome the IT security technologies that companies and individuals use to protect their information.
Discuss the major objectives of a defense strategy? What is a firewall? What can it not protect against?