If you ask enough pros about security tools, it's little surprise that most say they believe they don't have enough or the right ones for the job. Yet the industry is overflowing with them. In fact, today it seems that a career in information security is really more about managing tools than actually solving problems -- making an already difficult job overwhelming. Conference expo floors are filled with security products, leaving those of us with finite budgets wondering how we'll ever get everything we need to solve our problems. But here's the truth: You probably already own most of the cybersecurity tools you need.
Don't believe me? Let's examine just a few of the security features offered in standard networking equipment.
Consider the access control list (ACL). Firewall vendors love to talk about line rate and connections-per-second, but the reality is that no appliance is as fast in moving your packets as a good old-fashioned router. And they all have the capability of using ACLs for your traffic. When you're designing the standard demilitarized zone (DMZ) sandwich, you should ask yourself what services you're actually going to have publicly accessible. If it's primarily HTTP/HTTPS, then maybe you'll be better served with ACLs, host-based firewalls and intrusion detection systems in your DMZ. You don't need to maintain state with these protocols, because it's done at the application layer.
Load balancers offer intriguing security capabilities
The advanced features in recent next-generation firewalls are impressive, but will you trust them not to break a publicly facing application? And many of the advanced inspection techniques may not even work with fast path on a firewall. It makes more sense to use the security features in your load balancer, because it can definitely handle more connections per second.
Speaking of load balancers, most have advanced health checks for services that validate content. If an attacker defaces your site, the load balancer will determine the back-end server to be "out of service." Having a load balancer in front of an application also makes it harder to directly access the hosting server from outside your network.
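The logic of such a content-validating health check, sketched in Python as an added illustration (not from the original article and not any vendor's implementation). The marker string, the fall/rise thresholds and the sample responses are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed values for this example; real load balancers expose similar knobs.
FALL = 3   # consecutive failed probes before a backend is taken out of service
RISE = 2   # consecutive good probes before it is put back
EXPECT = b"hc-marker: storefront-v1"   # constructed string the real page contains


@dataclass
class Backend:
    name: str
    in_service: bool = True
    fails: int = 0
    passes: int = 0


def status_only_ok(status: int) -> bool:
    """Weak check: any 200 passes, so a defaced page still looks healthy."""
    return status == 200


def content_ok(status: int, body: bytes, expect: bytes = EXPECT) -> bool:
    """Content check: a 200 must also carry the expected marker in its body."""
    return status == 200 and expect in body


def record(backend: Backend, ok: bool) -> bool:
    """Apply one probe result with fall/rise hysteresis; return in-service state."""
    if ok:
        backend.passes, backend.fails = backend.passes + 1, 0
        if not backend.in_service and backend.passes >= RISE:
            backend.in_service = True
    else:
        backend.fails, backend.passes = backend.fails + 1, 0
        if backend.in_service and backend.fails >= FALL:
            backend.in_service = False
    return backend.in_service


def run_probes(backend: Backend, responses) -> list:
    """Feed (status, body) probe results; return the state after each probe."""
    return [record(backend, content_ok(s, b)) for s, b in responses]


# Constructed probe responses (not captured from any real site).
GOOD = (200, b"<html><!-- hc-marker: storefront-v1 --><h1>Store</h1></html>")
DEFACED = (200, b"<html><h1>page content replaced</h1></html>")

if __name__ == "__main__":
    web1 = Backend("web1")
    print(run_probes(web1, [GOOD, DEFACED, DEFACED, DEFACED, GOOD, GOOD]))
```

The fall and rise counters keep a single bad or good probe from flipping the backend's state, which is why the server is pulled only on the third mismatching response.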
Want more? There are additional out-of-the-box features such as SYN cookies, service connection throttling, protocol checks and distributed denial-of-service (DDoS) alerts. Sure, you could purchase a DDoS service or use a content delivery network, but unless you're The New York Times, you're probably going to host a Web application in your own data center. Many would even argue that a load balancer is the preferred technology to place at the perimeter of your DMZ to protect and serve your public applications.
Take a step back to find real benefits
Technologists love technology -- they can't help themselves. They crave working with state-of-the-art applications and hardware, often falling prey to the siren song of the latest shiny objects offered by vendors. While this passion can lead to innovative solutions, it's important to step back and evaluate whether the business will benefit from more expensive hardware or whether it can make do with existing tools. In Part Two of this series, we'll examine the beneficial security features in monitoring systems and even the domain name system.