Home News Services Tools Contacts

Welcome to Fishtales, the official blog of Digital Barracuda.

Thursday, February 22, 2007

Security Tools Can Build False Confidence

In case you haven’t heard, a vulnerability in SNORT was just announced. SNORT is a very popular Open Source intrusion detection and prevention technology. With more than 3 million downloads of the software out there, it’s safe to call it the premier product in the category.

The good news is that Sourcefire (the for-profit company that produces intrusion detection appliances built on SNORT) responded quickly with a workaround and a software update. But here’s my question: How many SNORT users have heard the news or downloaded the fix? While I don’t know the answer, I do know that SNORT.org reports about 100,000 active users. Who’s using the other 2,900,000 downloads? And are they aware of the problem?

Before I go on, let me say that my issue is not with SNORT (or any other security technology). The problem resides in the realities of the business environment. Executives and business owners are too busy minding the store. Their IT administrators have their hands full dealing with end-user problems, data backups (hopefully), general network responsibilities, and day-to-day IT hiccups. And IT companies typically only get called when the business perceives a problem.

Recognizing the criticality of the data on their computers and appreciating what a security breach could do to their operations, revenue generation and reputation, management is taking steps to protect their networks and data. That's good. But buying security software and appliances without investing in security professionals creates false security. When you start investing in security solutions you need:

  • High tech AND high touch: Hire security professionals to install and configure your security software and appliances. They will work with you to create a ruleset and configuration that works for your company.
  • Offsite backup strategy: Protect your data at all cost. It’s the heart and soul of your business. Without it, you have no business. Get it off site and into to a secure location. Data replication is a cost-effective option.
  • Managed Security Solution Provider: Threats are like the flavor of the month. They’re ever-changing…requiring newer, smarter, better technology. Keeping up is a full-time job. It’s also expensive. An MSSP offers a cost-effective alternative because it leverages the investment across many customers. It also provides the added benefit of a trained professional on duty, watching for network anomalies 24/7, interpreting activity and taking action when necessary.

Renew your faith in security and fall in love with all your IT again by working with a technology partner that lives by the 2.0 paradigm.

Posted by Jon Fernandez at 11:15 AM
Labels: , , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)