Managing security used to be an easy task. The expectation was that you installed a firewall to protect the corporate assets from attackers. Every now and then, you had to poke a hole into that firewall to enable some application to talk to the Internet or vice versa. If things were taken really seriously, you also had to install a network-based intrusion detection system (NIDS) to monitor the traffic entering the corporate network. It was a lot of fun—maybe I am just a masochist—to look at the NIDS logs to find how many times you were scanned in the past 24 hours. It got a bit frustrating every now and then when you did not really find any important events that would indicate someone actually attacking you. However, ...