
How to find the cybersecurity tools you need

There are scores of cybersecurity tools in the marketplace, but you probably have all the ones you really need, writes security adviser Michele Chubirka.

If you ask enough pros about security tools, it's little surprise that most say they believe they don't have enough or the right ones for the job. Yet the industry is overflowing with them. In fact, today it seems that a career in information security is really more about managing tools than actually solving problems -- making an already difficult job overwhelming. Conference expo floors are filled with security products, leaving those of us with finite budgets wondering how we'll ever get everything we need to solve our problems. But here's the truth: You probably already own most of the cybersecurity tools you need.

Don't believe me? Let's examine just a few of the security features offered in standard networking equipment.

Consider the access control list (ACL). Firewall vendors love to talk about line rate and connections-per-second, but the reality is that no appliance is as fast in moving your packets as a good old-fashioned router. And they all have the capability of using ACLs for your traffic. When you're designing the standard demilitarized zone (DMZ) sandwich, you should ask yourself what services you're actually going to have publicly accessible. If it's primarily HTTP/HTTPS, then maybe you'll be better served with ACLs, host-based firewalls and intrusion detection systems in your DMZ. You don't need to maintain state with these protocols, because it's done at the application layer.

Load balancers offer intriguing security capabilities

The advanced features in recent next-generation firewalls are impressive, but will you trust them not to break a publicly facing application? And many of the advanced inspection techniques may not even work with fast path on a firewall. It makes more sense to use the security features in your load balancer, because it can definitely handle more connections per second.


Speaking of load balancers, most have advanced health checks for services that validate content. If an attacker defaces your site, the load balancer will determine the back-end server to be "out of service." Having a load balancer in front of an application also makes it harder to directly access the hosting server from outside your network.
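To illustrate the content-validating health check described above, here is an added Python example (not from the original article and not any vendor's implementation). It shows why a status-only probe misses a defaced page served with 200 OK while a content match takes the server out of rotation; the class name, marker string, fall/rise thresholds and sample responses are assumptions constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class ContentHealthCheck:
    """Hypothetical model of a load balancer's content-validating health check."""
    expect: str        # marker string that must appear in a healthy page
    fall: int = 3      # consecutive failed probes before marking the server down
    rise: int = 2      # consecutive good probes before marking it up again
    up: bool = True
    _streak: int = 0   # consecutive probes that disagree with the current state

    def probe_ok(self, status: int, body: str) -> bool:
        # A status-only check would accept a defaced page returned with 200 OK.
        # Requiring the expected marker in the body is what catches it.
        return status == 200 and self.expect in body

    def observe(self, status: int, body: str) -> bool:
        """Feed one probe result; return whether the server stays in rotation."""
        ok = self.probe_ok(status, body)
        if ok == self.up:
            self._streak = 0
        else:
            self._streak += 1
            if self._streak >= (self.rise if ok else self.fall):
                self.up = ok
                self._streak = 0
        return self.up


# Constructed sample responses (status code, body) for the demonstration.
GOOD = (200, "<html><title>Example Corp</title><!-- build:4f2a --></html>")
DEFACED = (200, "<html><title>defaced</title></html>")
ERROR = (503, "Service Unavailable")


def demo():
    check = ContentHealthCheck(expect="<!-- build:4f2a -->")
    probes = [GOOD, DEFACED, DEFACED, DEFACED, GOOD, GOOD]
    return [check.observe(status, body) for status, body in probes]


if __name__ == "__main__":
    print(demo())
```

The thresholds trade detection speed against flapping: with fall set to 3, the defaced page is still served for two probe intervals before the server is pulled.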

Want more? There are additional out-of-the-box features such as SYN cookies, service connection throttling, protocol checks and distributed denial-of-service (DDoS) alerts. Sure, you could purchase a DDoS service or use a content delivery network, but unless you're The New York Times, you're probably going to host a Web application in your own data center. Many would even argue that a load balancer is the preferred technology to place at the perimeter of your DMZ to protect and serve your public applications.

Take a step back to find real benefits

Technologists love technology -- they can't help themselves. They crave working with state-of-the-art applications and hardware, often falling prey to the siren song of the latest shiny objects offered by vendors. While this passion can lead to innovative solutions, it's important to step back and evaluate whether the business will benefit from more expensive hardware or whether it can make do with existing tools. In Part Two of this series, we'll examine the beneficial security features in monitoring systems and even the domain name system.


This was last published in August 2014
