Intrusion Detection and Prevention Software Forum
Jan 13 2021
There are many cybersecurity tools available, but some aren't doing the job that they should be doing.
What are some of the threats that may be associated with using 'fake' cybersecurity tools?
What can people do to ensure that they're using a tool that actually does what it says it does?
Simon Clark: Dan Doggendorf gave sound advice. Whilst some of the free or cheap platforms will provide valuable information and protection, your security strategy has to be layered. Understand what you want to protect and from whom. At some point you will need to spend money, but how do you know where to spend it? There are over 5,000 security vendors to choose from. There is no silver bullet and throwing money at it won't necessarily fix what you are at risk from, but at the same time free products are free for a reason. If your organisation doesn't have a large team of security experts to research the market and build labs, then you need to get outside advice. Good cyber-advisors will understand your business and network architecture and therefore will ask the right questions to help you navigate the plethora of vendors and find the ones that are right for where your business is now and where you intend it to be in the future. Large IT resellers will sell you what they have in their catalogues based on what you ask for, and give a healthy discount too, but that may not fix the specific risks your business is vulnerable to. A consultative approach is required for such critical decisions. By the way, there are free security products and services that I recommend.
Dan Doggendorf: The biggest threat is that risks you think you have managed are not managed at all, so you and your executive team have a completely false sense of security. This is even worse than not having any tool in place. With no tool in place, you at least know you have a vulnerability. There are several ways to ensure a tool is doing what it is supposed to do.
1. Product Selection - when selecting a tool, do not focus on what a tool can do. Focus on what you want the tool to do. You drive the direction of the sales demo, not the sales team.
2. Product Implementation - use professional services to implement and configure the solution. Your team should be right there with them as a knowledge transfer session, but the professional who installs and configures the product every day should drive the install, not someone who wants to learn.
3. Trusted Partners - find yourself a trusted partner (or partners) who can help guide you. This should consist of product testing lab partners, advisors who live and breathe the space daily, and resellers with a strong engineering team.
Javier Medina: You should build a lab, try the tools, and analyze the traffic and behavior with a traffic analyzer like Wireshark and any sandbox or EDR that shows you what the tools do. All of this should be outside your production environment. Use tools that have been released by the company provider, not third-party downloads or unknown or untrusted sources.
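One way to automate the "vendor-released, not third-party download" check from the post above, as an added example that is not part of the original post or of any vendor's tooling: it verifies downloaded files against a SHA256SUMS-style manifest. The manifest, product names and file contents are constructed sample values, not a real release.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample manifest in the SHA256SUMS style that vendors commonly publish.
# Product names are hypothetical. First digest is SHA-256 of b"abc", second of b"".
MANIFEST = """\
# hypothetical vendor release manifest (constructed for this example)
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  ids-agent-1.0.tar.gz
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 *ids-agent-1.0.tar.gz.asc
"""

def parse_manifest(text):
    """Map file name -> expected lowercase hex digest; skip comments and blank lines."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        expected[name.lstrip("*")] = digest.lower()  # "*" is sha256sum's binary-mode marker
    return expected

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, expected):
    """Return 'verified', 'mismatch' or 'not-in-manifest' for one downloaded file."""
    name = os.path.basename(path)
    if name not in expected:
        return "not-in-manifest"  # artefact the vendor never published: do not install it
    # compare_digest is constant-time; any mismatch means a corrupted or tampered file
    ok = hmac.compare_digest(sha256_file(path), expected[name])
    return "verified" if ok else "mismatch"

def demo():
    """Write three constructed downloads into a temp dir and verify each against the manifest."""
    expected = parse_manifest(MANIFEST)
    samples = {
        "ids-agent-1.0.tar.gz": b"abc",            # genuine: bytes match the published digest
        "ids-agent-1.0.tar.gz.asc": b"tampered",   # listed name, but contents were altered
        "ids-agent-mirror.tar.gz": b"abc",         # same bytes under a name the vendor never listed
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as f:
                f.write(data)
        return {name: verify_download(os.path.join(tmp, name), expected) for name in samples}
```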
Simon Janin: From a pure cyber security and technical point of view the most important aspects are: (1) the detection rate and (2) the width of coverage (how much attack surface is protected). For the first one, it is unfortunately very difficult to assess the detection rate of a solution unless you are an expert with a large dataset of threats (known and unknown) at your disposal to benchmark the solution against. In any case, you should make sure the solution is capable of detecting unknown and novel threats; that is, the solution must go beyond heuristics and possess a profound understanding of cyber threats. Second, the width of coverage means that the solution covers a large number of threat verticals but, more importantly, is deployed anywhere a threat may appear. In several cases, customers do not cover all the areas of their network.