"Organizations operating in the digital world today need layers of security so that an email message that gets through the firewall will get stopped by the mail server's antivirus; and if it makes it through that, then it should be stopped by the workstation's antivirus. If the hostile program actually secures a toehold on the workstation, it should be detected when it runs on the workstation because it's doing things that are suspicious or unexpected. Look for connections to sites on the Internet with known relationships to hostile activity, and block such sites by egress filtering on the firewall.
Attackers are leaving no stone unturned, prying into web applications, operating systems and even deeper in the hardware. They're taking advantage of conventional endpoints and mobile devices, slipping past and through network security, and even taking advantage of the human element operating the devices."