Abstract: This paper develops a model to study enterprise network security investment strategies when facing different vulnerabilities with budget constraints. It analyzes the impact factors such as the network exposure, the attack probability, the breach probability, and security investment efficiency on network security investment strategies. The result shows that under the circumstance that the network system has a stronger ability to defend against an opportunistic attack and a weaker ability to defend against a targeted attack, when the optimal security investment is very high, the investment allocation to the opportunistic attacks increases with an increase in the total investment while investment allocation to the targeted attacks decreases with an increase in the total investment; when the optimal security investment is very small, the allocation of investment depends on the degree of network exposure.