Breaches, Flaws and Security, Oh My!

By Michael Vizard  |  Posted 2008-08-07 Email Print this article Print
 
 
 
 
 
 
 

Just about every customer on the planet right now is realizing that its security posture is probably not as strong as it should be. In fact, the biggest issue they have is not the lack of security devices, but rather the fact that all the devices are typically mis-configured.

With all the high profile security breaches in the retail sector and well-documented flaws in DNS servers there is probably not better time than the present to be in the security assessment business.  

Just about every customer on the planet right now is realizing that its security posture is probably not as strong as it should be. In fact, the biggest issue they have is not the lack of security devices, but rather the fact that all the devices are typically mis-configured.

As security devices age, they are subject to multiple updates to their configurations, which are usually delivered by various IT managers with different levels of skill over a period of years. The end result is that holes develop as each successful rule change to device adds more and more complexity.

One example of a company that provides a set of tools in this space that solution providers can build a security assessment practice around is AlgoSec, a maker of a tool for analyzing firewalls. More importantly, the company also recently rolled out a workflow tool that creates a structured process for tracking change requests, evaluating whether the change is needed, determining which firewalls actually need to be updated and what specific rules need to modified.

Scheduled for general availability in the first quarter, the AlogSec Fireflow management tool provides a basic framework that a solution provider can use to create a structured security assessment practice.

Security people today are some of the most expensive people to hire, so any tool that maximizes their time is going to pay for itself pretty quickly. At the same time, customers are looking for ways to reduce their security spending as a percentage of their overall budget. Too much of that money is tied up in staffing and the renewal licenses for products that many of them are not completely sure provide a useful function.

Perhaps more importantly, the entire delivery model around security is evolving as managed security services, software-as-a-service offerings and now cloud computing models come to bear. That means that end customer is probably more confused than ever, which in turn creates opportunity for solution providers.

That opportunity, however, may not come in the form of selling security products, but rather in developing a deep understanding of how to deliver value-added security services around and array of products that in of themselves rarely provide a useful solution.

Michael Vizard is Strategic Content Expert for Ziff Davis Enterprise. He can be reached at michael.vizard@ziffdavisenterprise.com.

 
 
 
 
 
 
 
 
 
 
























 
 
 
 
 
 

Submit a Comment

Loading Comments...
























 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date