Look beyond the features when it comes to security

Share this article:
Leo Cole, general manager of security solutions, Trustwave
Leo Cole, general manager of security solutions, Trustwave

In today's internet-connected world, where emerging technologies and communication platforms like mobile and social media are being used for professional purposes, in-house IT staffs are facing mounting pressures to ensure security.

Often times, that means turning to technology to provide protection. And when deciding on a product to choose, buyers typically base their decision on a solution's feature set.

While this purchasing strategy may have worked in the past, in today's environment, where businesses face a more complex threat landscape than ever before, the “hot” new features of a product may not be enough to bring the desired results.

Businesses instead must consider the overall value of a security service – one that consists of proven solutions and skilled personnel. Technology, combined with managerial expertise, can most effectively protect valuable information from getting into the wrong hands.

We have spoken to many businesses that have purchased a security technology for its “bells and whistles,” only later to realize they did not have the resources or skills to ring those bells and blow those whistles. As a result, the product sat on the shelf, collecting dust while the organization remained less protected and looked for another alternative to improve its security.

Other businesses have told us that after purchasing feature-flooded security technologies, their in-house IT staff spent so much time learning how to install and maintain the products that they did not have time to work on anything else.

For example, a retail business approached us about a year ago saying it wanted to upgrade its security information and event management (SIEM) technology so that it could obtain faster, more accurate visibility of the activity taking place within its network. The business had been using a more antiquated version of SIEM and had its entire IT staff babysitting the product for hours every day – an arduous undertaking that it no longer wanted to do.

Instead of implementing a SIEM product with bells and whistles the in-house IT staff would have to manage, the business took a different approach by hiring a third-party security team for overall management of its SIEM technology including policy adjustments, fine-tuning and device management. By augmenting its security staff, the business's in-house staff could focus on other, business-enabling priorities.

As criminals become more sophisticated, so should their potential victims. Designing a security plan that focuses on the value of a service – and not just the features of a product – is the most effective way to protect all the potential attack vectors a business has to offer.

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Opinions

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Beware of the malware walking dead

Beware of the malware walking dead

This Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly, and I'm referring to recycled tools and techniques from years gone by.

Why the Home Depot attack shouldn't have happened

Why the Home Depot attack shouldn't have happened

Major retailers are falling prey to massive credit card information heists, despite spending millions on cyber security systems.

Next-generation malware: Think like the enemy and avoid the car alarm problem

Next-generation malware: Think like the enemy and avoid ...

When it comes to enterprise security, one rule remains constant - attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses.