Today, when you make decisions about information technology (IT) security priorities, you must often strike a careful balance between business risk, impact, and likelihood of incidents, and the costs of prevention or cleanup. Historically, the most well-understood variable in this equation was the methods that hackers used to disrupt or invade the system. Protective security became the natural focus, and the level of protection was measured by evaluating defensive resiliency against live or simulated attacks. This protection has proven to be insufficient, as the escalating frequency and impact of successful exploits are proving that IT assets are not yet secure. The ever-changing landscape at the application infrastructure layer likely leaves you inadequately informed as to where and how your data might be exposed. So where can you turn next to help protect the security of your critical data assets? Since 75 - 90 percent of all Internet attacks are targeting the application layer, it is clearly about time that you listen to what your software is trying to tell you about data security.