And so what’s the problem with this model?
Not all data is created equally.
A lot of data doesn’t necessarily mean you have good data. In fact, nearly all of the data needs to be qualified before use. An old friend, (Dr.) Vince Berk, is the founder and CEO of very cool company called FlowTraq. It's funny. When we talk, Vince says often “There is a fundamental difference between data and information. Information is the specific pieces of data that allow you to make actionable decisions. This means that two different people might find different bits of information in the same pile of data. As people's objectives and missions differ, they will need different pieces of data, "the right data", that is information for them.”
You need to ask, how will the data affect your current system when installed? Will it block key suppliers? Often times, even the most popular services are used for bad. Google’s domain name service (DNS), 220.127.116.11:53 for example, is often times called out as a command and control channel for malicious code installed in your network by the phisher du jour. Google isn’t bad, but good tools are often times used for purposes other than intended. And will you base your defense spending on unqualified data? How do you know what to buy to protect yourself when your analysis is potentially based on low confidence information?
Let’s turn the model upside down for a moment shall we?
I’m taking this metaphor from Ed Amoroso, the CISO at AT&T. He’s a smart guy, and the metaphor
|Source: USA Today|
So let’s think about this for a moment.. before you spend another dime on a sandbag that won’t protect you from that swelling riverbank, let’s take a smart look at what you should buy, what you should collect, and the data you must have, to help understand what’s going on in your network.
Here’s a start.
Monitoring (not protecting just yet) your network is a three-step process plus one more if needed (it will be):
Here’s how it works. If you’re going to take this on yourself:
In an environment with 1000 computers, a month of monitoring, troubleshooting, prioritizing and strategizing is a fraction of the long term cost of that next sandbags -firewalls, IPSs, Host Based IPSs, enterprise AV project, or whatever you’re going to throw on the pile next. Red Sky’s Manchester, NH based Wapack Labs and it’s Lebanon, NH based partner FlowTraq will install a solution, monitor your network, and tell you where your current levy is leaking. Armed with that information, you can purchase the protections you need not the protections you’re told you need.