The firewall -- has the "magic" box lost its mojo?
May 3, 2016
The Best Tool for Information Security - Sledgehammer or Assorted Screwdrivers?
November 21, 2014
I was recently reading an article in TechTarget about a new class of security appliance - the breach detection system. Such systems monitor the entire corporate network footprint, looking for suspicious code, access to suspected hosts, and other anomalous activity. They start around $80K, not including the personnel required to operate, monitor, and maintain them. Despite the high cost of ownership, corporations are apparently adopting such systems at a high rate. They represent the "sledgehammer" of corporate information security.
Sadly, I think the adoption of such systems is more about having a security audit check off or nice entry in the annual report than they are about improving security. One constant in Information Security (Infosec) is the ability of rogue players to defeat increasingly complex and secure systems. I suspect it will not be long before we hear about patches being released for major exploits discovered in breach detection systems.
I would respectfully suggest that the most effective solution to Infosec requires different tools from the tool chest - a bunch of screwdrivers as it were, such as:
Employee security training - by far the most overlooked approach to Infosec, and I suspect the one offering the most bang for the buck.
Patch management - hard, but doable with proper attention to detail.
Routine log review - tedious, but necessary. Fortunately, there are a number of affordable tools to help with this.
Published and followed policies and procedures, especially including incident management.
Proper oversight by executive management - they don't have to be Infosec experts, they just have to ask the right questions and provide funding for the proper tools and personnel.
Infosec is about diligence, consistency, and attention to detail. No system exists or ever will exist, in my humble opinion, that will automate this. The answer is just professionals doing their jobs on a day to day basis, with the proper affordable tools, and support from executive management.
Security expert Bill Murphy published a blog entry today titled "Beethoven and IT Security". In this post, he discusses two geniuses - Mozart and Beethoven. He points out that while both are considered geniuses, Mozart's work required little effort, due to his genius. On the other end, much of Beethoven's genius was in his hard and diligent work. Bill's point is that many CIOs are depending on a Mozart-like approach to Infosec, by simply buying security "stuff". The wise CIO on the other hand approaches Infosec like Beethoven, with hard work, diligence, and attention to detail.
Bill's premise is well taken, and applies to all of us in Infosec. Most of us cannot afford an $80K+ breach detection system, but even if we can, it is no substitute for focusing on details and fundamentals.