Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

With all the high profile security
breaches in the retail sector
and well-documented flaws
in DNS servers
there is probably not better time than the present to be in
the security assessment business.



 

Just about every customer on the planet right now is realizing
that its security posture is probably not as strong as it should be. In fact,
the biggest issue they have is not the lack of security devices, but rather the
fact that all the devices are typically mis-configured.

As security devices age, they are subject to multiple
updates to their configurations, which are usually delivered by various IT
managers with different levels of skill over a period of years. The end result
is that holes develop as each successful rule change to device adds more and
more complexity.

One example of a company that provides a set of tools in
this space that solution providers can build a security assessment practice
around is AlgoSec, a maker of
a tool for analyzing firewalls. More importantly, the company also recently
rolled out a workflow tool that creates a structured process for tracking
change requests, evaluating whether the change is needed, determining which
firewalls actually need to be updated and what specific rules need to modified.

Scheduled for general availability in the first quarter, the
AlogSec Fireflow management tool provides a basic framework that a solution
provider can use to create a structured security assessment practice.

Security people today are some of the most expensive people
to hire, so any tool that maximizes their time is going to pay for itself
pretty quickly. At the same time, customers are looking for ways to reduce
their security spending as a percentage of their overall budget. Too much of
that money
is tied up in staffing and the renewal licenses
for products that many of
them are not completely sure provide a useful function.

Perhaps more importantly, the entire delivery model around
security is evolving as managed security services, software-as-a-service
offerings and now cloud
computing models
come to bear. That means that end customer is probably
more confused than ever, which in turn creates opportunity for solution
providers.

That opportunity, however, may not come in the form of
selling security products, but rather in developing a deep understanding of how
to deliver value-added security services around and array of products that in
of themselves rarely provide a useful solution.

Michael Vizard is Strategic Content Expert for Ziff Davis Enterprise. He can be reached at michael.vizard@ziffdavisenterprise.com.