Security device - not enough!
Security equipment is needed for every modern company but technology in this area progresses slightly behind demand. The lack of completely new solutions is compensated by advertising! So what is the real solution, where?
Security equipment is needed for every modern company but technology in this area progresses slightly behind demand. The lack of completely new solutions is compensated by advertising! So what is the real solution, where?
Safe illusion
Security devices today have evolved to technology saturation point. The rapid development of high technology in this environment seems to end. Still only improved anti-virus tools, attack detection and prevention tools with the possibility of being promoted to a new 'revolutionary solution'. The lack of creativity is offset by the policy of developing these devices: it's positive and interesting enough. Consider a similar pattern: Many dogfighting missiles now meet the "release and forget" principle. The pilot is only responsible for detecting the target, bringing it into the center of his aircraft radar and pressing the red button to launch the missile. It was not his business after that.
The current advertising for information defense systems and equipment is also the same, according to the principle of 'buying and forgetting'. Buy XYZ system, solve your problem and forget it. While the system is not purchased to solve certain problems, it is only a means capable of performing similar tasks. People are often silent about the latter. People ignore it because the means of protecting information are not the means to ensure the same results in the "guaranteed shield" or vice versa. Many companies still think that without buying security equipment, the company's information is not protected while no supplier dares to guarantee 100% to buyers that the customer's system will be protected even when Customers have purchased the strongest configuration.
Advertising on security often emphasizes the typical, not the technical characteristics of certain systems. Advertising slogans: ' Better, faster, simpler! 'Frequently appeared before the list of system features but still evaded the specifications in the style of shouting slogans:' It's a smart solution ',' System with wide coverage ', . The most annoying thing in security situations is not in advertising and does not need to mention the 'buy and forget' cases. The most annoying thing is that the security device creates an illusion of safety.
For example, everyone knows during the installation process by default, the inter-network filtering system doesn't filter at all; Also, the system is not protected against anything. Only a knowledgeable installation process can achieve the state where the device performs the 'assigned' functions. Here's an example with more sophisticated and advanced systems: IPS - an attack prevention system . The situation is even more sad. The system purchased for your application to your network does not really guarantee any protection. It needs to be installed and not just installed once and it's done. Regular monitoring of system operation, coherent analysis of events, positive response to new threats, etc. These systems are advertised as 'smart reactions first .' but not That means I can forget the installation and calibration of the security system.
For example, in the control area where suspicious behavior appears, the attack detection system immediately closes and prohibits everything from being closed and banned. If you don't detect this element in time, your system will most likely turn into a wheelbarrow, the number of functions will be reduced to a minimum. The expert's response must be appropriate: it is necessary to identify the cause of the system being attacked or just react to random elements, manual calibration with the system depends on the conclusion of the analysis. These are rarely mentioned in security device manuals. It would be blind to buy IPS without knowing how to attack on the internet. This reinforces the point of view: any system is just a means of being in the hands of a person and not a perfect solution as providers and advertisers say.
There is an interesting exception in this case: antivirus solutions. Anti-virus systems have been developed high enough, executing almost all functions: updates occur regularly and automatically only if you agree with it or not. Normally, customers determine the quality of protection completely independent of the number of viruses that must be killed but the time limit for a new pandemic virus is unknown. Therefore, anti-virus vendors' products are usually similar.
Superficial look
User's wish: One touch is done!
The issue of protection against internal threats is also mentioned a lot. Assuming that the information perimeter of enterprises has been fenced, well protected, all information in the area is a big problem for organizations. However, it is very dangerous for devices proposed to deal with risks from inside, which also purchase according to the principle of 'buying and forgetting'. A developer in the field of Russian security confirms the risks from inside USB and that employees use them illegally as a major risk with information leakage of the intranet of the enterprise.
As such, the internal risk problem that has to be discussed is whether or not peripheral devices are controlled, of which USB memory sticks are the leading ones? No one objected to the frequent check-in as security practices but to be honest, it was difficult to prevent information leakage. Unfortunately, thinking like that is quite common, making security work deformed. Some companies and organizations believe that when information security policy is in place, enterprise information is protected from inside!
Distributing information access is only the first step, mandatory. Next is the most difficult job - work with people directly involved in the production process of enterprise information. For example, employees who participate in a part of an experiential business plan can disclose more information. So, internal information protection systems can only be used to protect from 'immediate people' or to investigate what happened.
Who has the error - What to do?
To protect the company from spam, the boss will buy equipment, systems and applications . The purchase of equipment will run out of money, buy technical guarantee services (equipment purchased often causes delays of the whole system), recruiting new employees and training this person to operate the new system ., all of them run out of money. The management of the company has made a lot of small problems and spent a lot of money but the spam problem is still almost impossible to solve because the spam rate in e-mails is generally reduced but not all ( from 53% to 27% in a specific case). So, think about whether it is worth to spend money, time and potential businesses on such things? Of course not!
Who has the error? Who is 'advertised'? Supplier? Who posted ads for security equipment? In fact, it is important to put the protection of enterprise information in its place. The question of what to do yourself has an answer: Don't rush to buy equipment but carefully calculate the results with such costs. If the confidential information of the enterprise is only displayed in the form of a large database and the enterprise has nothing else that is valuable to the competitors, then it is obvious that the enterprise must purchase the control system to use peripheral equipment and set out harsh rules about using databases. If one of the main fears of a business is its business status (even within a few minutes), enterprises must take advantage of anti-virus, antispyware, prevent attacks, and regularly monitor devices. peripherals as well as inspection of the whole system.
However, the price to pay for similar solutions is large enough. Especially when any problem with businesses is also vital and enterprises must solve by themselves. Hospitals of excellent experts are not small. The value must be consistent with the principle of ' automobile horn system is not more expensive than the car itself '.
In Russia, security services are in vogue. Of course, people often hire security with only a part of information assets DN only. This approach allows access to the problem professionally and comprehensively without having to mobilize all internal resources to solve non-professional issues or to avoid having to maintain an expensive team of experts. Moreover, if the work is solved by professionals, the reliability of the system increases. The same service price is not higher than the case of self-employed enterprises, but in return for quality, it improves markedly. Service obstacles: people do not believe fully in outside experts (what if they shake hands with their opponents .?). Only when businesses encounter problems, the service will be considered again.
Viet Dung
- Cisco warns 2 serious security errors
- Detected an additional Wi-Fi security error
- Driver security error is not serious
- Dell laptop, HP fault Wi-Fi security
- The iris scanning device replaces the traditional password
- India makes sniper sniper detection equipment
- Being bitten by a dog, male students make extremely effective dog chase devices
- The US military developed a remote identification device via heart rate, 95% accuracy.
- Network security - How to set a password with high security
- Add 2 security bugs in Windows Mobile
What is the Snapdragon SiP chip? How to create a yellow circle around the mouse cursor on Windows Edit the Boot.ini file in Windows XP 3 ways to restart the remote computer via the Internet Vietnam computer market: Looking back a year How to restore deleted applications on Android How to increase the capacity of C drive on Windows 10, 8, 7 ... 8 security features of Windows operating system