Neither small to large enterprises nor government institutions are immune to the threats that pervade today’s security landscape. Leakage of congressional documents, a half million credit card numbers hacked from a leading web host provider, and even a major security vendor falling victim to a website breach are just a few recent headlines that proclaim the costly network threats facing organizations of all types and sizes.

These network threats can typically be classified into four categories: threats coming in, threats invited in, threats already in, and threats going out. Incoming threats typically deal with network perimeter attacks, such as SQL and XSS injections that take advantage of vulnerabilities in an organization’s pubic web portals to get to sensitive data on backend databases or to steal sensitive user information. Threats invited in take on many social and technological forms, from emails phishing for information or inviting users to fall prey to drive-by downloads, as well as online social interactions that make seemingly innocent requests for personal or confidential information.