Assess the Effectiveness of Your Security Tools
How much do you pay to secure your network annually? Ten thousand dollars? Fifty thousand? One hundred thousand or more? Did you ever ask yourself how to assess the effectiveness of your security tools? If your answer was, “No, because the network is functioning, and users aren’t complaining,” see my blog post here.
The truth is, everyone likes to think they are protected, because they write that big check at the end of the year. But, in reality, how can you be sure? If you are like most, you are audited. Maybe the auditor wants to see a check-box, or maybe they want to see some logs. Maybe they even want to see that you have reviewed your own logs. Regardless of what they want to see, the only way to test your network security is to test your network security.
After all, if you are doing URL filtering, you should not see any traffic for the blocked categories, right? If you block certain types of applications or traffic, you should not see that traffic on your network, right? You certainly should not see malware running around on the network or bots communicating back to the mother-ship.
Interestingly enough, there are many security vendors out there who will be happy to come in and provide this validation for you free-of-charge. That’s right, free. Why would they do something like that? They believe if they can get in there and show you what you are missing, you will certainly want to buy their product. So, why not take advantage of that? Most of them are unobtrusive, take almost no engineering resources at all, provide you a comprehensive report, and allow you to validate your security infrastructure all at the same time.
You can even go so far as to use this report as an “intra-year” third-party assessment. If your security infrastructure is functioning like a well-oiled-watch, you have nothing but upside with this little trick. If it happens to find something you did not know about you are even further ahead of the curve. If you are unsure where to find one of these types of audits, contact me here, and I can point you in the right direction. If that link does not work for you, simply introduce yourself here, and let us know what you need.