Known security vulnerabilities present the greatest electronic security risk now confronting network organizations. Such vulnerabilities must be guarded against in order for enterprises to secure their networks to meet regulatory and business requirements. Existing protections for network organizations include intrusion detection systems, which detect attempted intrusions into the network environment and notify the organization of the attempted intrusion so that counteractive measures may be taken. Other types of systems involve intrusion protection systems, which not only detect the attempted intrusions but also act in a proactive manner to eliminate the threat. Network vulnerabilities, as well as the frequency and sophistication of network attacks, are substantial and growing. Piecemeal protection processes such as random audits, scanners and consulting engagements have been utilized, but such processes leave an organization exposed to a high level of risk and typically fail to demonstrate a high level of business and regulatory compliance. These methods sometimes fail because they do not allow security to be embedded as an ongoing operational process; they do not scale, especially against the backdrop of a very complex and dynamic organization. Many of today's organizations are computing “ecosystems” created to serve multiple entities that are operationally independent or semi-independent while being interconnected from a computing network perspective. Even though these entities are managed autonomously, their networks must be collectively secured in a coherent process covering the entire computing system. In addition, organizations now rely upon information and communication technology to such an extent that a serious breach of security could likely have serious adverse business consequences, such as the loss of important data or, more likely, theft or publication of confidential information.
Hackers' activities have the consequence of dramatically increasing network vulnerabilities. Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA, and homeland security have all dramatically increased the level of security that organizations are required by law to maintain.
One reason that approaches such as intrusion protection systems and intrusion detection systems have not proven efficient for today's computing-ecosystem enterprises is that the filters/signatures implemented by such systems require intensive manual tuning and a good knowledge of the enterprise's vulnerability landscape. Most enterprises tune their IPS (Intrusion Protection System) based on the vendor's recommendation and some knowledge of their networks. What they should do is tune their IPS based on the vulnerability landscape of their enterprises. Organizations today are complex and distributed, with unique business risk priorities that are hard to convey even within internal groups. Thus, what is clearly needed is some manner of integrating the vulnerabilities of a particular system or network with the filtering abilities of an associated intrusion protection system or other threat protection system, one that can be easily implemented, maintained and measured across a large-scale distributed ecosystem environment.