Security Manager's Journal: At budget time, you ask and hope to receive
Our manager has a long wish list as the annual budget time rolls around once again.
Computerworld - It's budget time again, which is a good chance to assess our information security defenses and decide which areas we can best afford to beef up. Here's a look at what I think we'll be able to add this year.
First, I want to increase our investment in security information and event management (SIEM). SIEM has been a great investment thus far, helping us thwart attacks and identify other malicious activity that could have resulted in the loss of sensitive data, unauthorized access or a denial-of-service attack on our network. I can point to a lot of things that justify further investment. My plan is to expand our license and add more network sensors to remote offices. The return on those investments will be that more data will be correlated with additional log and NetFlow feeds from network and server resources.
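The value of feeding more sources into a SIEM comes from cross-source correlation: an event that is merely noisy in one feed becomes an alert when a second feed confirms it. The script below is an added illustration written for this column, not the author's SIEM rules or any vendor's product. It uses constructed sshd syslog lines and constructed NetFlow-style records, plus an assumed asset inventory (`HOSTS`) mapping hostnames to addresses, and raises an alert only when a successful login preceded by a burst of failures is followed by a large outbound flow from the same host to an external address.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample auth log (syslog/sshd format); not real data.
AUTH_LOG = """\
2013-01-14T09:00:01 srv-fin01 sshd[4121]: Failed password for admin from 198.51.100.23 port 51022 ssh2
2013-01-14T09:00:04 srv-fin01 sshd[4121]: Failed password for admin from 198.51.100.23 port 51023 ssh2
2013-01-14T09:00:09 srv-fin01 sshd[4121]: Failed password for admin from 198.51.100.23 port 51025 ssh2
2013-01-14T09:00:15 srv-fin01 sshd[4130]: Accepted password for admin from 198.51.100.23 port 51030 ssh2
2013-01-14T09:10:00 srv-hr02 sshd[2210]: Accepted publickey for backup from 10.0.5.9 port 40001 ssh2
"""

# Constructed NetFlow-style records: (start_time, src, dst, dst_port, bytes).
FLOWS = [
    ("2013-01-14T09:04:30", "10.0.2.15", "203.0.113.77", 443, 1_500_000_000),
    ("2013-01-14T09:12:00", "10.0.3.8", "10.0.5.9", 22, 80_000),
]

# Assumed asset inventory: syslog hostname -> primary address (hypothetical).
HOSTS = {"srv-fin01": "10.0.2.15", "srv-hr02": "10.0.3.8"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"(?:password|publickey) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_auth_log(text):
    """Turn sshd syslog lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        events.append({"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                       "result": m["result"], "user": m["user"], "src": m["src"]})
    return events


def find_suspicious_logins(events, failures=3, window=timedelta(minutes=5)):
    """Successful logins preceded, within `window`, by at least `failures`
    failed attempts for the same host, user and source address."""
    hits = []
    for ev in events:
        if ev["result"] != "Accepted":
            continue
        prior = [e for e in events
                 if e["result"] == "Failed" and e["host"] == ev["host"]
                 and e["user"] == ev["user"] and e["src"] == ev["src"]
                 and ev["ts"] - window <= e["ts"] < ev["ts"]]
        if len(prior) >= failures:
            hits.append({**ev, "failures": len(prior)})
    return hits


def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(auth_text, flows, hosts=HOSTS, min_bytes=100_000_000,
              window=timedelta(minutes=10)):
    """Join suspicious logins (auth feed) with large outbound flows (NetFlow feed)
    from the same host inside `window`; only the joined result is an alert."""
    alerts = []
    for login in find_suspicious_logins(parse_auth_log(auth_text)):
        host_ip = hosts.get(login["host"])
        for ts, src, dst, dport, nbytes in flows:
            start = datetime.fromisoformat(ts)
            if (src == host_ip and is_external(dst) and nbytes >= min_bytes
                    and login["ts"] <= start <= login["ts"] + window):
                alerts.append({"host": login["host"], "user": login["user"],
                               "login_src": login["src"], "failures": login["failures"],
                               "flow_dst": dst, "flow_port": dport, "bytes": nbytes,
                               "login_ts": login["ts"].isoformat(),
                               "flow_ts": start.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in correlate(AUTH_LOG, FLOWS):
        print("ALERT", alert)
```

The two feeds on their own are weak signals: three failed SSH passwords is routine noise, and a large HTTPS upload is common. Joined on host and time, they describe a credential-guessing success followed by data leaving the network, which is the kind of finding the column credits the SIEM with surfacing. The thresholds and the 10-minute window are illustrative choices, not values from the page.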
Next, I want to upgrade the security assessment tools that automatically scan our DMZ infrastructure on a weekly basis, as well as satisfy our regular audit and assessment schedule for internal apps and infrastructure. Our current tools, though fairly effective, lack some of the rich functionality that Qualys, nCircle and Rapid7 offer. Any of those would give us a more robust, centralized management console, integration with other tools and better reporting options. The productivity gains that these products would make possible are a selling point; the tool we end up choosing should pay for itself in short order just in the area of collecting security compliance data each quarter.
Then there's data leak prevention (DLP). When we implemented DLP earlier this year, our budget didn't allow for any decryption infrastructure. A main feature of DLP is that it can detect documents being sent via Web-based apps such as webmail and personal storage sites, but we need to decrypt the SSL traffic before our DLP tool can inspect the data. In addition, we recently migrated our Exchange deployment to Microsoft's Office 365 cloud offering, so now even our corporate email is encrypted in transit. All of that means we need to buy proxy appliances and then send all our Web traffic through them for decryption ahead of the DLP engine's inspection. We'll be looking at either Cisco or Blue Coat to satisfy this need.
Another area that we need to address is protection against advanced persistent and zero-day threats. We're on schedule with a proof-of-concept of FireEye, as we seek to understand the value of this type of investment. If the pilot is successful, our plan is to buy a few appliances for our larger offices, but complete enterprise coverage would require an appliance at each of our more than 40 remote offices. If FireEye doesn't fit the bill, we'll look at other technologies, including WildFire, which is already bundled with our Palo Alto Networks firewalls.
Each quarter, I spend about $30,000 for outside firms to conduct penetration testing and give us an independent viewpoint. One recent penetration test of our IP telephony infrastructure identified several critical configuration issues. I would like to double that budget line in 2013, mostly because we are expanding our use of cloud technologies and will need more assessments to keep up.
As for staff, I'll have a harder time. I'm fortunate in being allowed to fill an open position for a security analyst, but I could always use more people. The good news there is that my company just announced a summer internship program. At nominal cost, I can hire a college intern for the summer. I'll be asking for two.
All in all, I know I'm pretty lucky. Not every security manager can ask for so much and have a reasonable expectation of getting it. Still, our security spending remains small, both as a percentage of the overall IT budget and in terms of security spending per employee.
This week's journal is written by a real security manager, "Mathias Thurman," whose name and employer have been disguised for obvious reasons. Contact him at firstname.lastname@example.org.