Re: [fw-wiz] State of security technology for the enterprise



The environment is a product development environment that is under constant
threat from the outside and a history of inside threats/attacks. I am
protecting mostly Microsoft systems with some *nix. The data at highest
risk is source code and product development documentation. I need to be at
least FIPS 140-2 compliant. As far as budget goes, I was hoping to spread
the purchase between this years and next years and keep the total spent less
than 70K. Staff?? I'm it. Experience dealing with IT security risks is
about an 8 on a scale of 1 to 10. I've caught a few, been attacked
internally a few times and externally on a continuous basis. Corporate
espionage is a reality for me.



While all this is important to consider when choosing a solution, I'm not
that far along yet. My intent is to investigate the state of security
technology so that when I am ready to choose a solution or set of solutions,
I can go with product(s) that are forward thinking and least likely to
require a forklift upgrade in the next 3 years.



You make a good point that the pieces of the overall solution must work
closely with each other. This is something the vendors of security
solutions are fighting. They want me to think that they are so good that
they can handle it all. My current solution is hybrid and on more than one
occasion I've seen one vendor miss something and another catch it.

True security cannot be bought, but with the growth of new technologies
comes new threats that are not as easily dealt with by using a six shooter.
As an example, VMWare tells me not to run endpoint protection in my virtual
environment and that there are products out there that sit at the hypervisor
layer to protect VM's from attacking each other. ( I left that out of the
environment section. We are 70% VM and will be 90% by end of year. This is
a big consideration)

From: Marcin Antkiewicz <firewallwizards@xxxxxxxxxx>

Subject: Re: [fw-wiz] State of security technology for the enterprise

To: miedaner@xxxxxxxxxxxx, Firewall Wizards Security Mailing List

<firewall-wizards@xxxxxxxxxxxxxxxxxxxxx>

Message-ID:

<7ed5f2120904292213r55acf650n92cc1a34a3f7cea6@xxxxxxxxxxxxxx>

Content-Type: text/plain; charset=ISO-8859-1



The underlying architecture is very important to providing control.



I doubt that the original poster's question can be answered without rest of
the relevant information. What is the environment? What systems/data will be
protected? Under what regulation? What budget?

How big is the staff? What's the infrastructure? What's the organization's
experience dealing with IT Sec risks?



A laundry list of technology is meaningless - each of the pieces must work
with the others, and satisfy some business need. If the later part is
neglected funding tends to dry up in 2-3 years. Justification to the
business does not have to be extravagant, but it must be well done, and in
language and context that the business understands.



ArkanoiD is correct, biggest Sidewinder is worthless, if the application
folks decide to include passwords in Javascript. I know of a few places that
try to correct such creativity with iRules on F5s, but that's just a race
that the org is going to loose. Sidewinders and F5s are not needed, secure
SDLC will fix that problem. Add decent development process to sidewinders
and the F5s and the org will be doing quire well, but that's very expensive
- requres cooperation of IT Sec and App Delivery, which cannot be purchased.



I think I am trying to say that Seurity is a process, and cannot be bought
(in a sustainable manner), But that we all know already.



--

Marcin Antkiewicz





------------------------------



_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


Relevant Pages

  • Re: It takes a national outcry to get anything done.
    ... The environment agency ... but rather that protecting wildlife become more fashionable than ... Environment Secretary Owen Paterson and his civil service underlings ... with the silt that dragged from the river being deposited on the bank ...
    (uk.legal)
  • Re: Mellow Topic
    ... Why do people vote and act against self interest? ... there are many educated heterosexual white males who come from ... >improve equal rights for all and/or put issues like say protecting the ... choice if protecting the environment and providing a safe world for my ...
    (rec.music.gdead)
  • Re: More Luskin: The inefficacy of intelligent design is evidence for
    ... "Biology is now helping us improve our methods for protecting the ... environment, avoiding car crashes, and building better, more energy- ... intelligent design. ... outperforming human technology"? ...
    (talk.origins)
  • Re: It takes a national outcry to get anything done.
    ... The environment agency ... it wasn't lack of spending by the environment ... but rather that protecting wildlife become more fashionable than ... with the silt that dragged from the river being deposited on the bank ...
    (uk.legal)
  • Re: It takes a national outcry to get anything done.
    ... The environment agency ... it wasn't lack of spending by the environment ... but rather that protecting wildlife become more fashionable than ... with the silt that dragged from the river being deposited on the bank ...
    (uk.legal)