So I recently had a long vacation…
During this lovely vacation one thing was always nibbling on my happiness. I was pretty sure that when I would eventually return to work, it would be back to failure after failure of the security systems we have employed.
Hold on… Let me start from the beginning.
Security professionals spend a lot of time and effort convincing upper management and the IT department of a security product, be it an email/web filter, IPS (intrusion prevention system), SIEM (Security Information and Event Management)… After literally years of fighting with upper management to get the funding, the deals are signed off and finally we get a smile on our face. That smile is short-lived.
IT departments have a tendency of making our life a living hell! Yes you heard that right… IT is there to support users, not the Security departments… They are used to having things their way, because they are the technology savvy people, and not the business people. What happens next is that the security department wants to impose new rules and systems, and the IT department is fighting it. With the upper management on the security side finally, the IT department agrees on setting up and installing the system.
YOU WISH!!!! No celebrations last longer than a few days… Here is what happens!
- IT department blames any issues on the new “security” system!
  o Security: “HELLO!!! That issue you’re talking about has been happening for the last 10 years. We just installed our system!”
  o IT: “Our systems show that it’s your system’s fault. Deal with it.”
  o Security: “Let’s sit down and discuss.”
  o IT: “Turn off your system and then we will discuss when we have time.”
  o Upper Management: “Business cannot be affected, stop your systems and find a solution”
  o Security: “Stop systems…”
- Eventually, IT and Security sit together, and find out what the issue was…
  o Sometimes it’s the security system’s fault
  o Most times it’s not!
- The system is back on and functional…. Guess what!!!
  o The system now starts to fail… Instead of spending time analyzing security incidents, you spend time trying to fix the damn system…
- You call the supplier. The supplier has sold you the system… Yet, they are either
  o Too important/big to supply proper support to your “small” company
  o Not really knowledgeable of their own products!
- Back to troubleshooting the systems instead of benefiting from them
So back to my first day back from the vacation… IT WAS HELL! All the systems had errors in them. Instead of relying on my systems to provide me with data and automate part of my analysis, we switched roles, and it became my job to fix the system (with NO help whatsoever from the suppliers!)
You know what… This will be for another post, but I am starting to truly agree with the professionals out there who keep on saying that we should completely change our approach to computer security. We are always relying on the incorrect set of tools, and these tools don’t even work half of the time. The other half, well, they are lagging behind the attackers who keep on getting new (or very old, neglected) ways of attacking our systems…
Man you got upper management to force those lamer IT people to shut the system down! that's tres cool norfecto perfecto. Hope you become the infosec manager one day
Mr. Anonymous....
That's not what I said... I mentioned that upper management forces security (and not IT) to stop the systems until a solution is found... cuz when IT say it's the security system's fault that business is stopped, upper management just needs to ensure business is resumed.