Large enterprises of a thousand people or more often have distinctly different information security architectures than smaller companies. However, typically they treat their information security as if they were still small companies.
This paper attempts to demonstrate that not only do large companies have an entire ecology of specialized software, specific to large companies and their needs, but that this software has different security implications than consumer or small business software. Recognizing these differences, and examining the way this can be taken advantage of by an attacker, is the key to both attacking and defending a large enterprise.
Download the paper in PDF format here.