The Joker from the first Batman movie said “And now, folks, it’s time for ‘Who do you trust!’” and I can’t agree with him more. The security landscape has changed over the last year, due to the economy and a severe lack of experienced security professionals, to make more companies look at outsourcing their security needs.
This is an interesting change in how people have viewed security in the past. The landscape is scarier now and companies are starting to realize that they are unable to employ a team of security professionals that are capable of keeping up with the entire scope of security issues in the wild. So how do they keep themselves safe?
I mentioned MSSPs in a previous post and I think that many more companies in the next few years are going to go that route. In the end, it comes down to cost and “Who do you trust?”
posted by holliday at 2:11 pm
I am a big fan of open source software and have been using it for most of my career to do one thing or another. I find that it is just a starting point, not the end of the road. When using an open source solution you have to plan for some customizations to fit your environment, just like you would with a standard commercial product.
I have found that many individuals don’t have the security resources to really deploy any free open source solution or the budget to purchase a full-blown commercial solution. This usually leads to them trying to use the open source tools but inevitably leaving themselves extremely vulnerable.
With the lack of security resources and budget I have found a lot of customers are looking towards MSSPs to bridge the gap. It will be interesting to see how this affects the security market among small businesses over the next few years.
posted by holliday at 1:15 pm
Thought for the day:
If I don’t know about an issue, it can’t hurt me.
This seems to be a major factor in many companies’ overall security policy. Management has a responsibility to keep costs down and one way to do that is to ignore issues until something bad enough happens for them to open their wallets.
For the person in charge of securing the data and systems on the network this is a very big headache. How can this security person be able to perform their job adequately without the proper tools or people? The correct answer is that they can’t. This person has to make it clear to management what issues they are seeing and why it is critical that they get resolved.
To do this you need to have visibility into your network and the ability to present that to your management team. Where do you find the tools or resources to do this though? The internet of course.
www.secviz.org
www.nmap.org
www.nessus.org
www.stillsecure.org
www.snort.org
www.darknet.org.uk
All of these give you free options to help build visual evidence to deliver to the management team. It is hard to keep your head in the sand when someone keeps clearing it away.
posted by holliday at 12:52 pm