A recent buzzword in security is endpoint: any device that can connect to the corporate network, ranging from a desktop workstation to a laptop, PDA or even mobile phone. As the number of endpoints increases, firewalls and antivirus software are no longer adequate protection.

While external threats are as virulent as ever and need to be guarded against with firewalls and other defences, it is more important to pay attention to internal weaknesses

New tactics by criminals and new kinds of malware are probing networks for vulnerabilities. And increasingly, they are finding them. Fundamentally, experts say, endpoints are receiving more attention because of a sea change in the way computer networks are attacked.

In any attack, the first step is to get inside the organization's security perimeter. Traditionally, that has been done through an external threat, such as an infected e-mail message. Although there are still plenty of virus-laden e-mails, they are becoming less effective as attack vectors.

"Generally, security companies have done an excellent job on external threats," says Bill Piwonka, vice president of product management at Centennial Software, a maker of security software and sponsor of the blog WatchYourEnd.com.