It takes an army of security professionals today to identify, isolate, track, and eliminate security threats and breaches. The convolution within network security, in my opinion, has reached irresponsible levels. The days when anomalies were quickly squashed by the network staff on hand are over, from what I’m reading. It always seems to be a team, a collaboration, or a dedicated security organization that comes together. I’m not saying this is a “bad thing”, nor am I bringing up how small businesses lack “team” capabilities.
But… What is it that takes such a huge effort to discover breaches? Like a factory line, threats are being spewed out faster than we are identifying them, and that’s terrible. So is it:
- Product knowledge
- Environment complexity
- Available solutions
- Lack of intelligence
- Information overload
- Head in the sand syndrome?
In my opinion, it’s all the above.
I’m sure many threat discoveries are not publicized because the people involved are not trying to grab news headlines. But for the security solution providers whose products were already on-site when a new threat was discovered, the question we should ask is…
Why did it take a team days, weeks, or months with their product on hand?
You see the headlines: “PRODUCT NAME” discovers “THREAT NAME”. The story that is rarely told is what the other security devices were doing beforehand that made the breach possible. As we all read with the Target breach, one of the mistakes was that the threat was reported generically and didn’t initially raise many eyebrows.
So was that a human, or product mistake?
I’ll let you decide, but for me, it doesn’t really matter. It failed, and both contributed equally. Why do I say that?
Let’s not forget the security solution ads (I’ll spare the names) you run into when you start shopping around, thinking you need something better. They tell you this is what they do:
- Internet security solutions enable organizations of all sizes to secure their network, systems, users, and data with a deep level of protection that won’t compromise network performance
- Can give you unprecedented insight into both application and threat behavior without compromising performance or adding latency: Applications and malware traversing your network: Bandwidth hogs, acceptable use violators, and social media mavens; Inbound threats targeting vulnerable systems
- Innovative security platform is based on our next-generation firewall which natively classifies all traffic, inclusive of applications, threats, and content, then ties that traffic to the user, regardless of location or device type. The application, content, and user – the core elements that run your business – are then used as the basis of your security policies. This unique ability empowers you to safely enable applications, make informed decisions on network access, and strengthen your network security.
Maybe there should be a clearer disclaimer for all security solutions:
Disclaimer: This security device will not make you 100% secure, even with hard work and commitment. It will need constant attention and management, and there is a good possibility that if you forget or ignore something on it, your network and all of this firewall’s effectiveness will be compromised!
You have to have a firewall; there is no doubt. The more tools you have in security, the better. Just understand that even though you purchased a shiny new firewall with all the bells and whistles, it does not mean you are secure. In fact, the job just got harder and more convoluted, because you are still looking at the same amount of traffic.
I’ll repeat: YOU ARE LOOKING AT THE SAME AMOUNT OF TRAFFIC. Reduce your traffic.