Day Zero Security's approach to network security and audit is one of 'lowest common denominator', i.e. cancelling out variables to find the simplest solution to a problem.
Our approach to Network Security is one of recognising 'normal' and 'expected' traffic patterns and assuming that anomalies to this are, by definition, malicious.
So, irrespective of the form that malicious code takes, if packets are analysed in the context of their traffic stream and anomalous content is identified at multiple layers, then a malware protection policy can be easily implemented and enforced.
This ranges from disassembling packets across all seven layers and identifying whether any component breaches protocol rules (e.g. a buffer overflow), to running unknown code in a safe 'sandbox' environment to see what it does rather than what it is or claims to be. Finally, honeypot devices that pretend to be your actual network identify patterns in hacking activity by intercepting and responding to attacks. The three principles above are delivered by ISS, GFI MailSecurity and Forescout in turn.
Our approach to compliance with internal audit and third-party regulatory bodies is to collect all information from monitored systems to provide complete audit trails of activity. This ranges from network-wide collection and correlation of system log files and logins/failed logins, to configuration change monitoring, where every change applied to a digital system is logged and authorised by time/date and user. If any regulatory body requests proof of the integrity of a digital system, this conclusive logging of events and activities can be used to prove that data integrity has been maintained. GFI Security Event Log Monitor and Tripwire provide this functionality in turn.