Jan 11, 2012

Thoughts About Security ~ Issues

So I recently had a long vacation…

During this lovely vacation one thing was always nibbling on my happiness. I was pretty sure that when I would eventually return to work, it would be back to failure after failure of the security systems we have employed.

Hold on… Let me start from the beginning.


Security professionals spend a lot of time and effort convincing upper management and the IT department of the value of a security product, be it an email/web filter, an IPS (intrusion prevention system), or a SIEM (Security Information and Event Management)… After literally years of fighting with upper management to get the funding, the deals are signed off and finally we get a smile on our face. That smile is short-lived.

IT departments have a tendency of making our life a living hell! Yes, you heard that right… IT is there to support users, not the Security departments… They are used to having things their way, because they are the technology-savvy people, and not the business people. What happens next is that the security department wants to impose new rules and systems, and the IT department fights it. With upper management finally on the security side, the IT department agrees to set up and install the system.

YOU WISH!!!! No celebrations last longer than a few days… Here is what happens!
  • IT department blames any issues on the new “security” system!
      o  Security: “HELLO!!! That issue you’re talking about has been happening for the last 10 years. We just installed our system!”
      o  IT: “Our systems show that it’s your system’s fault. Deal with it.”
      o  Security: “Let’s sit down and discuss.”
      o  IT: “Turn off your system and then we will discuss when we have time.”
      o  Upper Management: “Business cannot be affected, stop your systems and find a solution”
      o  Security: “Stop systems…”
  • Eventually, IT and Security sit together, and find out what the issue was…
      o  Sometimes it’s the security system’s fault
      o  Most times it’s not!
  • The system is back on and functional… Guess what!!!
      o  The system now starts to fail… Instead of spending time analyzing security incidents, you spend time trying to fix the damn system…
  • You call the supplier. The supplier has sold you the system… Yet, they are either
      o  Too important/big to supply proper support to your “small” company
      o  Not really knowledgeable of their own products!
  • Back to troubleshooting the systems instead of benefiting from them

So back to my first day back from the vacation… IT WAS HELL! All the systems had errors in them. Instead of relying on my systems to provide me with data and automate part of my analysis, we switched roles, and it became my job to fix the system (with NO help whatsoever from the suppliers!)

You know what… This will be for another post, but I am starting to truly agree with the professionals out there who keep on saying that we should completely change our approach to computer security. We are always relying on the incorrect set of tools, and these tools don’t even work half of the time. The other half, well, they are lagging behind the attackers who keep on getting new ways (or very old, neglected ways) of attacking our systems…


