OnlinePCTips.com

PC Tips and Tricks to make your life easier

Archive for December 15th, 2009

Security

December 15, 2009 By: lilybird Category: Data Recovery/Security

• Why vendor neutrality matters, including what it means and so on

o Example: You bring a security vendor in to help you begin your security efforts beyond a basic firewall.

▪ A security vendor with “partnerships” with the vendors may spend your entire budget on the security devices alone, such as intrusion detection, data loss prevention, antivirus, email security, and so on, leaving no budget for any solutions or personnel that will actually monitor these devices. You end up with a ton of cameras and nobody, and no technology, to watch them. Many of these devices produce thousands of events each day, but these providers won’t mention this to you. Instead, they’ll wait for you to discover it and have to come up with more budget to have them come back in and “solve the new problems”.

▪ A vendor-neutral provider will determine what your budget limitations are and present a holistic solution. This may combine free or open source options, such as Snort, Nessus, and other solutions, to leave budget for security information management technology, personnel, or managed security services that drive value and protection from the visibility these devices provide.

• What security providers/vendors don’t want you to know!

o Security service providers often tailor what they offer to what they have expertise and profitable technology for. Over years of performing security services, this fundamental fact has become apparent not only from working for these providers, but also from the customers we talk with. In fact, many security professionals working at organizations worldwide are equally naive, focusing their security efforts on the areas in which they themselves have the best expertise.

It’s human nature. One of the most prominent examples of this is application security. Application security risks have become one of the most prominent areas of risk exploited by Internet attackers. Almost every company today has some custom technology or an outside vendor producing custom code for things like their website, ERP/MRP system, or other business solutions. These programs often touch our most critical data and traverse our most sensitive networks.

Within organizations, it is not uncommon for security professionals to work primarily with IT, networking, and compliance. It is rare for these professionals to work closely with development and even more rare for them to have development skills beyond scripting abilities.

Security service companies are equally underproficient and understaffed when it comes to application security issues. More often, they depend on packaged application assessment solutions. While these scanners, like WebInspect and others, can do an excellent job of identifying common code risks, they are often lacking in providing practical solutions. This is not so much their fault per se, but simply a result of having to make generic recommendations without knowing a thing about an application’s business purpose and related requirements.

Making effective security solutions for applications requires a core understanding of both the business they serve and development skills used to serve them.

A simple historical fact that serves as an excellent example of this issue with security vendors is the thousands of organizations running intrusion detection that has no visibility into HTTPS (SSL) traffic. In fact, many intrusion detection systems, including Juniper IDP, have been shown in our own services to have features that allow the installation of SSL certificates but do not actually work. For most, this isn’t even the issue, because these features are never configured or discussed by security vendors. The fact is, many don’t want to discuss application-specific issues or even come too close to them, knowing they have little knowledge and will suddenly become a layman if a developer is present.

Compliance standards are beginning to catch up to these facts. Many of them, including PCI, now include requirements regarding application security, training, monitoring, and overall due diligence. Unfortunately, many applications lack basic auditing or general logging of pertinent information necessary for operations. Yes, many include “logging”, but these logs are designed for developers and debugging. Effective monitoring may mean sifting through thousands of debug-level logs to see real information. In addition, most security information management technologies do not integrate with custom applications, or require significant purchases of services to create the necessary integration. Vault Ecommerce addresses this issue through technology we’ve developed that fully integrates with custom applications without significant investment, using a modular method for definition.

In addition, many SIM technologies may integrate with some of these technologies, such as SQL Server, but provide little value or analysis to identify threats. In fact, many of them are guilty of mostly showing pretty graphs with little decision-making knowledge in their delivery.

Having strong security and development knowledge, Vault Ecommerce focuses on many of these issues. While we are not limited to application security issues, it has been our finding that they often represent the most critical risks in our clients’ environments and are the important ones to focus on.


How to create your own tech site part 1

December 15, 2009 By: bretthexum Category: Webmaster/Design

So you want to create your own technology website just like this one, huh? How do you get started? I’ll start the series with a quick article on how I got this site where it is. First off, this blog runs off WordPress. It’s easily downloaded and installed off wordpress.org if you have your own hosting, or you can host it at the WordPress site at wordpress.com. I’d recommend getting your own hosting if possible. It makes the website look more professional with your own domain name. I host my sites at HostGator, which is very reliable. I actually only pay $10 per month and have 9 websites running off one account! Pretty good deal!!

After you get your site up and WordPress installed, you’ll need plugins and themes for WordPress. We’ll get into more detail with this later on – but the next step is getting content! I found a site where you can get a bunch of website (or tech) content. I’d check this site out here — Technology Articles.

More to come in the coming days. Enjoy!

Microsoft Training Sites

December 15, 2009 By: bretthexum Category: Personal IT

As an IT professional, I know firsthand the importance of quality IT training. Both new product training and ongoing support training are crucial for me to be successful at my job. The same is true for almost any profession these days. Even the most entry-level job still requires some sort of computer and software use. I’ve been to many training sites over the years with many different companies. I believe one of the best computer training companies I’ve seen is Brainstorm, Inc. I had the chance to check out their course catalog and they have an excellent selection of computer and software training. I find the quick start cards very useful for new employees coming into the company. Even if the new employee is computer illiterate, they can still learn the basics in a very short time with these quick start guides. The site also offers some free tips and tricks (just like this site) for different software and operating systems. Remember – if you know where to look you can really find great information online. No need to travel anymore to get quality computer and/or software training. I’d encourage everyone to check out Brainstorm, Inc.’s website for computer training. They are one of the best companies I’ve seen online that gives quality training at an affordable price. Check them out here — learn microsoft access