Page 69 - Cyber Warnings

Are Cyber Security Vendors the Worse Criminals?

There is no doubt those who maliciously attack IT environments or steal data are criminals who
need to be prosecuted. Unfortunately, some of the inventive malware used to commit crimes
shows far greater innovation and prowess than the solutions to combat them.

Vendors provide expensive security solutions that are nothing more than repurposed IT tools
with limited capabilities. Worse, these solutions are incredibly complex to install, take months to
configure, and are incredibly fragile to maintain. The result is huge investments in security
products that do not improve the understanding of actual security posture, and provide a false
sense of security. The bottom line: if an organization is paying for a product that offers limited
capabilities, provides complex results, and continually requires hours of work to maintain,
money is basically being thrown down the drain.

Not only do most security vendors oversell “solutions” that fail to provide the information
professionals need to secure their IT environments, they push a narrative of fear. As Brian
Krebs, author of the KrebsOnSecurity Blog and Spam Nation commented, “For better or worse,
there is a fine line between selling security services and selling fear, uncertainty and doubt.” All
too frequently, this line is crossed. The security industry is full of ghost stories, glorifying the
genius of cyber criminals, making the idea of securing data sound like an enormously
complicated process requiring an enormous investment in tools.

This narrative is almost completely false. An overwhelming percentage of attacks exploit known
vulnerabilities listed by our own national government in the NIST SCAP database. With only a
few Google searches anyone with rudimentary technical knowledge can find vulnerabilities and
the tools to exploit them online. If we dismiss the fearmongering spreading through our
industry, what needs to happen to secure IT environments? The answer is not found in more
tools, more complexity, and more expense, but in understanding how criminals could potentially
attack. If criminals are exploiting known vulnerabilities, organizations need a method to track
and eliminate known vulnerabilities from their environments.

About the Author


Andrew Strom is an Online Marketing Specialist at Sergeant
Laboratories, a leader in security and compliance solutions that allow
businesses, governments, and healthcare institutions to comply with
regulations and stay a step ahead of criminals. As a graduate of the
University of Minnesota, Andrew has experience marketing products
from a variety of industries. As a contributor to CDM, he hopes to
spark new thought and discussion topics in the information security
community.

Connect with Sergeant Laboratories: http://www.sgtlabs.com
Sergeant Laboratories Blog: http://www.aristotleinsight.com/blog
LinkedIn: https://www.linkedin.com/company/sergeant-laboratories-inc
Twitter: @Sergeant_Labs

69 Cyber Warnings E-Magazine – February 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
