Tools are a Means, Not an End One of the biggest shames of our industry right now is that “silver bullet” tools have such a hold on media and mind share. Organizations typically try to deploy the latest product in isolation, without understanding what’s causing the issues they’re seeing. But tools used this way are bound to fail, raid the corporate budget, tie up valuable resources and just obscure the symptoms of the problem for a while longer. Organizations can only fix what’s broken by understanding the problems clearly and developing a solution using proven methods that fixes them. Only then should you start thinking about what tool fits into the solution.
Example: A lot of companies have asked about “tuning” their latest flashy box that’s not working right. But when you get talking to them, you find that the problem isn’t with the product it’s somewhere else. Even if the product was at 100% efficiency, you still wouldn’t be able to solve the problem. One company had spent tens of millions of dollars on SIEM and other tools, but were using business school interns to run the SOC and didn’t have any plan for handling incidents! Another company had a DLP device that sat on the shelf for 2 years, and they hadn’t even clearly defined what data they cared about or where it should and shouldn’t be. Tuning in those situations would only be an expensive way of buying false assurance.
This is part of a series of short tips for Information Security Managers, where Stratigos Security will provide you with some of the benefits of our experience working with others like you. If you like what you read, come back for more!