One of the most common complaints I hear from information security
executives in large organizations is that they are constantly playing
defense, not offense. Their network security apparatus is designed to
wait for an attack, see if it’s successful and, if it is, to plug the
hole, then repeat.