A huge industrial fire breaks out at a warehouse in the lower east side of the city. Black smoke billows high into the air which can be seen for miles around as people evacuate to safety. Part of the building collapses and screams can be heard from inside. Several fire trucks are there. The truck is full of fire- extinguishing and life-saving equipment. Hoses connected to hydrants. Ladders extended high into the air. Nozzles pointed at the fire. Only one problem, there are no firemen.
It is difficult for us to imagine a scene like this without the actual fire fighters there using the equipment needed to adequately and safely extinguish the fire and save those in need. In our minds we often don’t separate the tools such as hoses, hydrants, trucks, axes, etc. from the people who risk their lives. We look at fire-fighting as a “solution” and we don’t distinguish between tools and people. It all works together in a prescribed way that has seen success for a very long time.
As a society, we are obsessed with the latest tools. Unfortunately, we don’t think as much about what makes a tool valuable. A tool by itself has limited or no value. A fire hose, an axe, a firetruck have no value without the men and women that are trained to use various tools to solve real-world problems. These firemen also must be available and ready to respond when an emergency occurs. Likewise, people, without the right gear and tools would be of little value in an emergency situation and could harm themselves and others.
In IT security, we often confuse a tool for a solution. Take the Target breach for example. Target had some of the most advanced (and expensive) technology available on the market today to detect malware and advanced threats. The system in fact detected the breach and sent the proper notification. Security staff ignored, dismissed or otherwise neglected this data which resulted in one of the largest and most publicly discussed breaches of all time. Why? Because Target bought a tool thinking it was a solution.
Tools are great but they are only useful and valuable if they are deployed timely, configured properly, tuned continually, maintained appropriately, managed correctly, and monitored by qualified and trained personnel. Otherwise, best case you have a rather useless tool. Worst case you are relying on a technology believing it is providing risk mitigation value where it isn’t. In other words, tools and technology by themselves can be more dangerous to your organization because they can create a false sense of security.
The threat landscape has changed. Malware is the greatest threat to organizations. Malware can evade nearly all traditional information security technologies including firewalls, intrusion detection and prevention systems, and anti-virus software. New and advanced technology and tools exist to combat these latest threats; however, they are just tools. Real information security comes from merging best of breed tools and technologies with the expertise needed to transform those tools into solutions. Don’t get caught purchasing a tool and believing it is a solution.
StratoZen offers next generation information security solutions designed to protect systems from the latest information security threats without the need to in hardware, software, or IT personnel. To find out more, visit us at https://stratozen.com.