If Your Security Solution is Just a Single Tool, it May Not be Enough

Picture this… A huge industrial fire breaks out at a warehouse in the lower east side of the city. Black smoke billowing high into the air can be seen for miles around as people escape to safety. Suddenly, a large crash and screams can be heard as part of the building collapses from inside. Several fire trucks are there. The truck is full of fire-extinguishing and lifesaving equipment. Hoses are connected to hydrants. Ladders are towering high into the air. Nozzles pointed at the fire. Only one problem, there are no firemen.

It's difficult to imagine a scene like this without the actual fire fighters present to use the equipment needed to extinguish the fire and save all those in need adequately and safely. In our minds we often do not separate the tools such as hoses, hydrants, ladders, axes, etc. from the people risking their lives. We look at firefighting as a “solution” and we don’t distinguish between tools and people. All the elements work together in a prescribed way that has proven successful for a very long time.

As a society, we are obsessed with the latest tools. Unfortunately, we don’t think as much about what makes a tool valuable. A tool by itself has limited or no value. A fire hose, an axe, a firetruck has no value without the men and women that are trained to use various tools to solve real-world problems. These firemen also must be available and ready to respond when an emergency occurs. Likewise, people, without the right gear and tools would be of little value in an emergency and could harm themselves and others.

In IT security, a tool is often confused for a solution. Take the Target breach for example. Target had some of the most advanced (and expensive) technology available on the market at the time to detect malware and advanced threats. The system in fact detected the breach and sent the proper notifications. Security staff ignored, dismissed, or otherwise neglected this data which resulted in one of the largest and most publicly discussed breaches of all time. Why? Because Target bought a tool thinking it was a solution.

Tools are great but they are only useful and valuable if they are deployed in a timely manner, configured properly, tuned continually, maintained appropriately, managed correctly, and monitored by qualified and trained personnel. Otherwise, best case you have a rather useless tool. Worst case you are relying on a technology believing it is providing risk mitigation value where it isn’t. In other words, tools, and technology by themselves can be more dangerous to your organization because they can create a false sense of security.

The threat landscape has changed. Malware is the greatest threat to organizations. Malware can evade nearly all traditional information security technologies including firewalls, intrusion detection and prevention systems, and anti-virus software. New, advanced technology and tools exist to combat these latest threats; however, they are just tools. Real information security comes from merging best of breed tools and technologies with the expertise needed to transform those tools into solutions. Don’t get caught purchasing a tool and believing it is a solution.

RNSi offers next generation information security solutions designed to protect systems from the latest information security threats without the need for additional hardware, software, or IT personnel.