ARE CYBER SECURITY VENDORS THE WORSE CRIMINALS
There is no doubt that those who maliciously attack IT environments or steal data are criminals who need to be prosecuted. Unfortunately, some of the inventive malware used to commit crimes shows far greater innovation and prowess than the solutions that vendors offer to combat them.
Vendors provide enormously expensive security solutions that are really repurposed IT tools with limited capabilities. Worse, these solutions are incredibly complex to install, take months to configure, and are incredibly fragile to maintain. The result is huge investments in security products that lead to no real understanding of actual security posture, and provide a false sense of security. The bottom line is, if an organization is paying for a product that offers limited capabilities, provides complex results, and continually requires hours of work to keep running, money is basically being thrown down the drain.
Not only do most security vendors oversell “solutions” that fail to provide the information professionals need to secure their IT environments, they also push a narrative of fear. As Brian Krebs, author of the KrebsOnSecurity Blog and Spam Nation, commented, “For better or worse, there is a fine line between selling security services and selling fear, uncertainty and doubt.” All too frequently, this line is crossed. The security industry is full of ghost stories that glorify the genius of cyber criminals and make the idea of securing data sound like an enormously complicated process requiring an enormous investment in tools.
This narrative is almost completely false. An overwhelming percentage of attacks exploit known vulnerabilities listed by our own national government in the NIST SCAP database. With only a few Google searches, anyone with rudimentary technical knowledge can find vulnerabilities and the tools to exploit them online.
If we dismiss the fearmongering spreading through our industry, what is it that needs to happen to secure IT environments? The answer is not in more tools, more complexity, and more expense, but in understanding how criminals could potentially attack. If criminals are exploiting known vulnerabilities, organizations need a method to track and eliminate known vulnerabilities from their environments.
AristotleInsight is a big data security analytics solution implementing the UDAPE model. The solution collects, links, and organizes security data in order to establish baselines, conduct user behavior analysis, recognize anomalies, and detect advanced persistent threats.