One ring to rule them all or Pieces of Eight? Need your opinions on security tools
I think some of you might already know where I am going with this. Around this time many companies are preparing their budget for next year and getting their projects ready, but with that comes the frustration and annoyance of incorporating or having to deal with yet another security tool that you will have to be trained on and become proficient in, or spend enough time on that by the time you get good at it you will probably have stopped looking at your other security tools.
So as the title says, what are you guys seeing out there or hearing from your co-workers and managers? Is it better to have one tool that integrates with all the products, so that for all your needs you go into this one solution, or do you have separate tools for separate tasks and alerts with no integration between them?
Personally, I am finding that security companies are becoming very, very competitive because they know security costs money, so they attempt to take market share from various companies that maybe focus on a niche section of security, and by doing so they create a tool and continuously evolve that one tool to the point where it can do everything. But is it a good idea to have that, or should you keep the tasks separate? Keeping them separate consumes more resources and more time, requires bigger teams, etc., so there are big disadvantages and advantages to both.
So I wanted to hear your opinions because I don't think I am the only one with this concern.
Comments
636-555-3226 Member Posts: 975

My execs always ask why infosec's budget is one of the smallest in the IT sub-departments. Every year I have to explain to them that a top-notch infosec team isn't about flashy tools, it's about experienced people making sure we're following the right processes across all areas of the business. My infosec coworkers agree we need people, training, and time to implement the training. Other infosec managers in my region prefer to spend money on flashy tools, so opinions vary....
That isn't to say I couldn't spend millions of dollars a year on next-gen firewalls, next-gen AV, user behavior analytics, etc. We could, but I choose not to. When I get the opportunity, I use any extra budget I get to either hire a new person or send existing people to more training (which they have time to absorb and use since they aren't busy installing/maintaining flashy new tools with not a lot of reward). Yeah, we have AV, IPS, some next-gen this and next-gen that, but when I do presentations about infosec and why my group is as good as we are, technical controls are last in the presentation and just briefly glossed over, other than to throw out some interesting stats that people love to eat up.
Now, to answer your question about tools: most of the big companies (McAfee, FireEye, Symantec, etc.) are creating their own suite of tools so you can have 80% of your technical control tools from one place. I'm hesitant about this approach because you had better be sure all of those components are good. If some underlying piece of all of them isn't any good (like AV, IPS, and next-gen firewalls all depending on the same crappy AV signatures), then you're screwed. However, I do see a lot of value in tools from one vendor that all know how to talk to each other and interact with each other, although in real life that doesn't seem to work as well as the sales engineer leads you to believe. I prefer to keep the tools separate and from different vendors with different architectures as much as possible. More work, but I think it's like getting 10 people in a room and asking them questions about life. You'll get a much broader range of experience and real-life takeaways from 10 people than if you just asked one or two.
Smaller companies are filling the niches. User behaviour analytics is, in my opinion, the "next gen" big thing people are going to be jumping on board with. I'm staying away until at least 2018, since half of those current companies won't be around in a few years and the feature sets of them all are so random that it's hard to compare apples to apples.
Still didn't directly answer your question, but I'm tired and going to bed, so I'll leave it at that.
SaSkiller Member Posts: 337

No one product will properly integrate everything without proper network design, deployment and tuning. Most organizations are unwilling to do so, so I see fragmentary security: some random products where personnel are half trained and the product is half deployed with no tuning.

OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.