The network gear doesn't have sufficient horsepower to do wire-speed stateful packet filtering because, apparently, that's still an exciting new idea in 2020, and we can't slow everybody's access down.
The problem with any defence based on filtering is that first you have to decide what to filter. In an enterprise-scale network, this is not an easy problem, despite the number of shiny and expensive tools available that are selling the hope that it is.
Individual departments have end-run IT by using "cloud" offerings that effectively bridge different segments of the network together at layer 7.
This might be the most challenging problem for modern IT security, perhaps along with BYOD. The software and equipment accessible by staff might no longer be fully controlled by the organisation. That changes the emphasis for IT security from "just" securing your own software and systems to also somehow securing your data against unauthorised transfer to other systems. And this is a hugely complicated problem with (at least) technical, legal and management dimensions.
The problem with any defence based on filtering is that first you have to decide what to filter. In an enterprise-scale network, this is not an easy problem, despite the number of shiny and expensive tools available that are selling the hope that it is.
Individual departments have end-run IT by using "cloud" offerings that effectively bridge different segments of the network together at layer 7.
This might be the most challenging problem for modern IT security, perhaps along with BYOD. The software and equipment accessible by staff might no longer be fully controlled by the organisation. That changes the emphasis for IT security from "just" securing your own software and systems to also somehow securing your data against unauthorised transfer to other systems. And this is a hugely complicated problem with (at least) technical, legal and management dimensions.