Computerworld - How much money do you have in your budget? You have to be aware that this is very expensive software."
Ah, the not-so-sweet sound of the sales pitch.
Much of my work as a security manager is like that of a juggler, always keeping balls in the air. My daily goal is to deal with the next falling ball, be it a virus attack, a new e-commerce project or some suspected abuse.
This week, however, I was able to lift my gaze for a few days to think about future needs and meet with vendors. And once again, a slick product demonstration showed all too clearly one vendor's fundamental inability to understand our needs.
Two Challenges
We are meeting with vendors to address two challenges. First, we need to better manage the volume of security data we gather. Our antivirus applications, vulnerability data, intrusion-detection systems, firewalls, routers, operating systems and everything else we touch produce valuable security data, but in different formats.
It's expensive to train our staff to understand this modern-day Tower of Babel, and it takes up costly extra time when we must deal with incidents. If we could automatically translate and link security events, we would reduce costs and further improve our defenses.
The second challenge is to step up monitoring beyond our signature-based approach to detect unusual or anomalous behavior that doesn't match a known signature. Given that the SQL Slammer worm is reported to have taken less than 10 minutes to infect every vulnerable system on the planet, it's clear that waiting for an update from a vendor isn't going to work on its own.
Pulling together diverse security information is a common problem, and many vendors have products to address it, including the vendor whose salesman finished up his session with that pitch I quoted in the beginning of this article. I looked into this area a few years ago, and the products were very immature. I was hoping that the latest versions would have something interesting to offer.
We invited several vendors to demonstrate how their software could save us time, effort and cost.
The vendor I mentioned previously certainly put on a good show. Its salespeople arrived with an entire network in a suitcase and proceeded to unpack and set up servers, clients and a hub. The product ran and worked, which in some ways was the curse of their presentation. If they had stuck with PowerPoint screenshots, we wouldn't have seen what made the whole thing useless to us.
Poor Display
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
