With ABC Inc. Product You Will Be Safe

InformationWeek Dark Reading has another article bemoaning the proliferation of cybersecurity products:

[Image: Bandura E-series]

http://www.darkreading.com/endpoint/in-the-cyber-realm-lets-be-knights-not-blacksmiths/a/d-id/1321176

Yes, in a couple of weeks (at Black Hat USA, 8/1-8/6) there will be many new products touting some new way to do the same basic things:

SIEM (Security Information and Event Management) and protection.

Detect the bad and delete it.

Most of these new products will not help us with tactics, techniques, and procedures or with training of our personnel – both technical and non-technical.

The security policy is a company's most effective weapon, together with a training program that makes security easy to digest for the non-technical person just trying to finish their daily tasks.

I have added the Bandura Polliwall device (which I had the good fortune to see demoed early this year).

Polliwall's claim to fame is preventing unwanted traffic before it reaches your network by some method of filtering (for example by country, so traffic from China will be blocked).

[Image: China traffic chart (Forbes)]

Even though the image is older (Q2 2014), it is still apt.

Image reference link: http://www.statista.com/chart/2801/china-is-the-worlds-top-source-of-internet-attack-traffic/

Back to Polliwall: even Polliwall can be circumvented easily, as a hacker just needs to get a server in the US, either by hacking one or by actually paying for one.

So will we get a new device that will magically solve our problems?

The Internet of Things (IoT) is likely to bring more devices that are not as secure as advertised and that will cause more problems than they solve. Or IoT devices will become insecure after being in place for a time, when a new vulnerability appears while people neglect to upgrade their devices.

[Image: PCI compliance vs. security]

What we need is to fundamentally understand what security really is. Our Tactics, Techniques, and Procedures must line up with our technology and training for all employees. Create a security framework that exceeds PCI compliance and other compliance standards.
