"In 2007, it's estimated that there were about 500 million network-connected devices on the planet. By the end of 2010, that number will grow to 35 billion -- that's five devices for every person on Earth," says Don Proctor, senior vice president in the office of the chairman and CEO at Cisco Systems. "We can't secure them by patching them all at the endpoint. We have to say goodbye to the perimeter."

 

In fact, some security professionals -- even some vendors -- are rejecting the fundamental notion that the perimeter can be completely defended. The new assumption: The enterprise will be compromised, and probably already has been.

"At this point, the security team can have no confidence that a given host has not been compromised -- the bad guys are already inside your environment," says Amit Yoran, CEO of security vendor NetWitness and a former White House cybersecurity adviser. "All of the threats that really matter are already inside the network."

While not all security experts agree on this philosophy, most agree that tomorrow's security teams will have to spend at least as much time analyzing logs, events, and incidents as they currently do on building perimeter defenses. That means more focus on security analytics, forensics, and incident response.

"Over time, the people in the SOC will find that they're spending more time as data analysts, rather than security analysts," says Joe Gottlieb, CEO of SenSage, a maker of security information and event management (SIEM) tools. "They'll be doing a lot more data mining to find the source of a problem.