Here are a few reasons I can quickly think of for why we may be in the same boat as Target:
- We fall for the vendor's presentation.
- We think technology is the cure, while I believe technology constitutes only 25% of the entire solution; people constitute 35% and processes 40%.
- We don't plan and determine the exact requirements.
- We don't determine what constitutes a successful installation.
- For critical monitoring tools, we do not have a learn-and-tweak period to weed out false positives, make exceptions and test the incident management process.
- We normally put the cart before the horse (we implement the technology before creating the processes).
- The security team does not have buy-in from other departments, which impedes incident management.
If vendor products could accurately block something, IPS should be the superstar product. We know how that turned out.
So is the following story with FireEye. Nothing is wrong with the product; it is just that we should not fall for the sales pitch. We need to determine how much we can get out of the box and how much we have to work to get it to where we want it, and, importantly, what we need to keep doing to catch up with the changing security landscape.
According to the article:
Overall, network-monitoring tools require manpower. While the FireEye system could have been configured to remove malware automatically, that feature was turned off.
Target had determined that the software was too new and untested to have it delete files on its own. The decision was the right one, because if the software made a mistake, it could easily have taken down a critical system.
"It is always the recommendation to fully test the product in the environment before turning on automatic checks."
"In my opinion, it takes a lot of additional work by an enterprise to reach an automatic block level with a product as the last thing security wants is to make the business grind to a halt."
Thanks to the following link that set off my thought process: