The comment came at a recent chief security officer roundtable in Boston sponsored by Qualys, which announced the Qualys FreeMap service at the event.
The rogue access points have the potential to "defeat the firewalls and intrusion detection services companies have in place," Clarke said.
According to Qualys CTO Gerhard Eschelbeck, the FreeMap service would find the rogue access points external to the company's firewall, but to find the internal access points, the company's QualysGuard paid product would be required.
Accordin to Devlin, the task facing security professionals is to protect enterprises from the vulnerabilities and exposures identified every day without disrupting the business.
"It's a constant juggling act on a daily basis," he said.
One of the greatest threats comes from attackers using social engineering tactics, such as posing as someone they are not.
"At one extreme, we teach our people to be helpful to customers. At the other, we need to tell them to be distrustful," Devlin said.
Mahan of the Federal Reserve Board spoke about the challenges posed by application-level attacks.
"No one has cornered the market on making developers think about security first," he said. And while the security products and service industry is responding well with intrusion detection systems and other category of products, Mahan says he is not yet satisfied with protections available for application vulnerabilities on a 24x7 basis.