Discover Performance: HP Software's community for IT leaders // November 2012
5 questions to spur security innovation
Sometimes the best innovations are right under your nose. In security, there’s a huge opportunity lurking in simply doing more with what you’ve already got.
For every problem, there’s a product that promises a quick fix. That’s why a common strategy for solving a new challenge, in security and elsewhere, is to buy something. Eventually, short-sighted fixes pile up into an unmanageable collection of poorly integrated, partially utilized solutions.
Instead of a highly orchestrated response to the risks your enterprise faces, you end up with overlap, solutions that don’t communicate well, and a lot of unused technology firepower. At a time when every part of the IT organization is under pressure to provide value through innovation, and to do more with less, exploring the underutilized tools at hand can let security deliver new value with what it’s already got.
Make what you’ve got work harder
Take a second look at your inventory of security solutions, and look for new and better ways to use them, singly and together. Start like this:
1. Why did I buy this solution? Rushed implementations designed to solve one urgent problem often overlook the full range of possibilities. Now is the time to look deeper.
2. How often do I look at all the dashboards for this product? If you only look at one part of the management interface, it’s time to find out what there is that you’re not using.
3. Have you updated this product—and how you use it? Most vendors provide major updates to their security solutions every six months. A solution you once bought for a single function may have added features that will work better with what you’re doing now, and will save you the cost of another point solution.
4. How many of your security products don’t integrate at all with anything else? Isolation drags down a solution’s overall value. Poorly integrated solutions should be first on your list to retire or to replace with something that can work more cooperatively in your environment.
5. Do I have multiple products that can do the same thing? Many businesses make the mistake of believing that they need the top-performing solution for every function, which leads to feature overlap. Look for a single solution that gives you the best overall performance across all of the functions it performs.
Don’t forget you have a willing (and free!) assistant to aid your investigation into these issues: your vendors. You should trust your vendor enough to say: “I bought this from you. Am I getting the most out of it?”
Broadening security’s reach
With just a little outside-the-box thinking, security specialists can stretch the boundary of where security technology adds value. Consider ways to use the tools at your disposal, such as your application security solution or security information and event management (SIEM), to solve new problems, especially those that go beyond traditional data-level security. Some examples:
- Consider ways of using log data from your application security solution to uncover anomalies, such as fraud.
- A SIEM solution knows about all the internal and external IP addresses you are communicating with. It can be used in conjunction with IP/domain reputation data to uncover malicious traffic. It can tell you, for example, when you are communicating with an IP address of dubious reputation, or with a bot.
- Use vulnerability reports from your application security solution to identify what an exploit attempt would look like, and use that to write rules for your IPS. Some vendor solutions will do this automatically for you.
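The IP reputation check from the second bullet, as an added example that is not part of the original article: it joins connection events with a reputation feed and reports which internal host talked to a flagged address, in either direction. The log format, the feed, the internal range and every address are constructed for illustration (documentation ranges, not real indicators).

```python
import ipaddress

# Constructed reputation feed (RFC 5737 documentation ranges, not real indicators).
REPUTATION_FEED = {
    "203.0.113.0/24": "botnet-c2",
    "198.51.100.77/32": "scanner",
}

# Constructed connection events as a SIEM might normalize them: time, src, dst, dst port.
EVENTS = [
    "2012-11-05T09:14:02Z 10.1.4.22 203.0.113.45 443",
    "2012-11-05T09:14:07Z 10.1.4.22 192.0.2.10 80",
    "2012-11-05T09:15:31Z 198.51.100.77 10.1.9.3 22",
    "2012-11-05T09:16:00Z 10.1.4.30 10.1.9.3 445",
    "2012-11-05T09:17:12Z 10.1.7.8 203.0.113.200 6667",
]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space


def load_feed(feed):
    """Parse feed entries into (network, category) pairs, most specific first."""
    nets = [(ipaddress.ip_network(cidr), cat) for cidr, cat in feed.items()]
    return sorted(nets, key=lambda nc: nc[0].prefixlen, reverse=True)


def flag_events(lines, feed):
    """Return one alert per event whose external peer matches the feed."""
    nets = load_feed(feed)
    alerts = []
    for line in lines:
        ts, src, dst, port = line.split()
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # The external peer may be either end: outbound beaconing or inbound probing.
        for peer, host, direction in ((dst_ip, src_ip, "outbound"), (src_ip, dst_ip, "inbound")):
            if peer in INTERNAL or host not in INTERNAL:
                continue  # only internal-host <-> external-peer pairs are of interest
            category = next((cat for net, cat in nets if peer in net), None)
            if category:
                alerts.append({"time": ts, "internal": str(host), "external": str(peer),
                               "direction": direction, "category": category, "port": int(port)})
    return alerts


if __name__ == "__main__":
    print(*flag_events(EVENTS, REPUTATION_FEED), sep="\n")
```
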
This reexamination of existing tech resources is a gift that can keep on giving. Make it a best practice to never make another expenditure on new technology without first checking to see whether you already own something that can do the trick. And don’t just wait until you have a new problem to shop for—review your use of existing solutions regularly.