Somehow I found the fine article How Security Tech Is Failing Us. After my stream-of-consciousness commenting (sorry about the double commenting, BTW - darn login process), I think I found the solution to many IT security problems.
Here's my comment in full:
Lack of a silver tech bullet is interesting. However, the larger issue is the overall lack of maturity across security services. The only folks worthy of pointing fingers at the tech vendors are those with at least a measured level of security maturity across the stack. Sure, custom malware exists. What are the attack vectors? Unpatched software, misconfigured devices, basic coding errors, ignored databases, users not held accountable for their actions. Quick litmus test: how many orgs have a solid CMDB?
Calling out tech to save the day perpetuates the problem.
If you really want to call vendors out, demand they ensure their tech is implemented properly before they get paid. That might be interesting.
Any CISOs out there want to give it a shot?