Discover PerformanceHP Software's community for IT leaders // November 2012
5 questions to spur security innovation
Sometimes the best innovations are right under your nose. In security, there’s a huge opportunity lurking in simply doing more with what you’ve already got.
For every problem, there’s a product that promises a quick fix. That’s why a common strategy to solving a new challenge—in security and elsewhere—is to buy something. Eventually, short-sighted fixes pile up into an unmanageable collection of poorly integrated, partially utilized solutions.
Instead of a highly orchestrated response to the risks your enterprise faces, you end up with overlap, solutions that don’t communicate well, and a lot of unused technology firepower. At a time when every part of the IT organization is under pressure to provide value through innovation, and to do more with less, exploring the underutilized tools at hand can let security deliver new value with what it’s already got.
Make what you’ve got work harder
Take a second look at your inventory of security solutions, and look for new and better ways to use them, singly and together. Start like this:
1. Why did I buy this solution? Rushed implementations designed to solve one urgent problem often overlook the full range of possibilities. Now is the time to look deeper.
2. How often do I look at all the dashboards for this product? If you only look at one part of the management interface, it’s time to find out what there is that you’re not using.
3. Have you updated this product—and how you use it? Most vendors provide major updates to their security solutions every six months. A solution you once bought for a single function may have added features that will work better with what you’re doing now, and will save you the cost of another point solution.
4. How many of your security products don’t integrate at all with anything else? Isolation puts negative drag on a solution’s overall value. Poorly integrated solutions should be the first on your list to replace/retire with something that can work more cooperatively in your environment.
5. Do I have multiple products that can do the same thing? Many businesses make the mistake of believing that they need the top-performing solution for every function, which leads to feature overlap. Look for a single solution that gives you the best overall performance for all of the features it performs.
Don’t forget you have a willing (and free!) assistant to aid your investigation into these issues: your vendors. You should trust your vendor enough to say: “I bought this from you. Am I getting the most out of it?”
Broadening security’s reach
With just a little outside-the-box thinking, security specialists can stretch the boundary of where security technology adds value. Consider ways to use the tools at your disposal, such as your application security solution or security information and event management (SIEM), to solve new problems, especially those that go beyond traditional data-level security. Some examples:
- Consider ways of using log data from your application security solution to uncover anomalies, such as fraud.
- A SIEM solution knows about all your internal and external IP addresses you are communicating with. It can be used in conjunction with IP/Domain reputation to uncover malicious traffic. It can tell you, for example, when you are communicating with an IP address of dubious reputation—or a bot.
- Use vulnerability reports from your applications security solution to identify how the exploit would look and use it to actually write rules on your IPS. There are some vendor solutions that would do this automatically for you.
This reexamination of existing tech resources is a gift that can keep on giving. Make it a best practice to never make another expenditure on new technology without first checking to see whether you already own something that can do the trick. And don’t just wait until you have a new problem to shop for—review your use of existing solutions regularly.
After you’ve combed through your existing products, see how HP Enterprise Security’s solutions can help you better integrate your technology for greater utilization, efficiency, and value. For insight into maximizing your security investment, talk to the experts at HP Enterprise Security Services.
HP CEO Meg Whitman discusses how connected intelligence will drive IT operations, application development, IT security, marketing, compliance—and the bottom line. Register now.
Connect with nearly 1,500 security pros to learn how to better disrupt or mitigate threats. Learn to think like a bad guy. (Washington, D.C., Sept. 8 – 11)
The Heartbleed vulnerability set users and enterprises scrambling. How can we avoid or mitigate the next Heartbleed?
HP Software’s Paul Muller hosts a weekly video digging into the hottest IT issues. Check out the latest episode.
Preparing today for tomorrow’s threats.
Introduction to Enterprise 20/20
What will a successful enterprise look like in the future?
Challenges and opportunities for the CIO of the future.
Dev Center 20/20
How will we organize development centers for the apps that will power our enterprises?
Welcome to a new reality of split-second decisions and marketing by the numbers.
IT Operations 20/20
How can you achieve the data center of the future?
What the workforce of 2020 can expect from IT, and what IT can expect from the workforce.
Looking toward the era when everyone — and everything — is connected.
Data Center 20/20
The innovation and revenue engine of the enterprise.