Enterprises must regularly validate their security efficacy based on real-time conditions, not compliance criteria, says John Weinschenk, General manager, Enterprise Network and Application Security of Spirent. That sort of testing returns actionable data to tune devices, update policies, and fortify defenses before they are compromised, he adds.