The Silver Bullet

Numerous companies are in the business of selling security products and software: network firewalls, application firewalls, intrusion prevention systems (IPSs), data loss prevention systems, network access control systems, application scanners, and static code analyzers—the list goes on and on.

Security products and software offer enormous aid to corporations that want to secure their data and reputation. The solutions they offer, in orchestrated combination, are necessary and useful in helping to protect any company from intruders. Unfortunately, many corporations end up making decisions that are influenced by marketing speak from the security product vendors who often promise them the silver bullet: “buy our product and you will be safe from all types of attacks.”

In this case study, we will take a look at how individuals responsible for protecting the data and reputation of a company often lose sight of the big picture of risk management, and end up buying the promise of the ultimate silver bullet.

The Free Lunch

As vice president of security engineering for Acme, Inc., a major credit card company, Haddon Bennett was responsible for securing his employer’s systems from criminals. He had a team of 24 direct reports, responsible for day-to-day security operations, which included monitoring of events from IDSs. His team was also responsible for providing guidance to the company’s various business units on security best practices.

In three months, Haddon was due to present ...

Get Hacking: The Next Generation now with the O’Reilly learning platform.
