Stricter policies that restrict the downloading of files from unidentified sites would also help, Kellman Meghu, head of security engineering for Check Point, said. Having a strict policy that all executable files have to be preapproved would go a long way toward reducing malware infections.
"It may seem like a burden, but the reality is the burden of trying to clean up potentially thousands of machines is far larger," Meghu said.
As last year's Target breach showed, technology alone is not enough to prevent the theft of tens of millions of customer records and credit card data.
A network-monitoring tool from vendor FireEye alerted the retailer's security personnel to malware on the network before the data was stolen. However, no one acted on the warning, so the $1.6 million Target spent on installing the tool did not matter.
"The technology is there to help, but you still need intelligence and human brainpower wrapped around it to make sense out of what the technology is trying to tell you," Chris Camejo, director of assessment services at NTT Com Security, said.