Ultimately, enterprises will have to continue to refine fine-grained policies and rules that examine log files in depth for network events.
'These help to determine whether, for example, an authorized smartphone connecting to an internal system belongs to someone who happens to be off sick that day," says Maman. Then the network can automatically drop the connection and IT can investigate further.
But, even such policies cannot detect everything.
"There may not be enough evidence or detail to detect," said Maman.
Sign up for Computerworld eNewsletters.