{"id":2533,"date":"2020-07-28T09:05:06","date_gmt":"2020-07-28T13:05:06","guid":{"rendered":"https:\/\/zzzptm.com\/wordpress\/?p=2533"},"modified":"2020-07-28T09:05:06","modified_gmt":"2020-07-28T13:05:06","slug":"security-for-all-sizes-integrating-security-solutions","status":"publish","type":"post","link":"https:\/\/zzzptm.com\/wordpress\/?p=2533","title":{"rendered":"Security for All Sizes: Integrating Security Solutions"},"content":{"rendered":"\n

The sentence is simple: get all the security solutions<\/a> to work with each other. So how do different sized firms deal with that directive?<\/p>\n\n\n\n

At the small company, the good news may be that there are only one or two solutions<\/a> to work with. The bad news may be that they’re small business<\/a> solutions that don’t have full enterprise<\/a> features for integrating with anything. The bad news may also be that the IT person at that small business<\/a> is either a visiting consultant or someone that handles all the IT, from the production line systems<\/a> on up to ordering replacement RAM<\/a> for company laptops. Basically, someone that doesn’t have 100% attention on security.<\/p>\n\n\n\n

But let’s say that the small business IT person wants to do the right thing and be serious about security. She’s got an antivirus<\/a> program for the PCs and a firewall<\/a> for the Internet<\/a> connection. She could stare at firewall logs<\/a> all day long, or maybe she could spin up a syslog<\/a> server. That sounds like it would be both a fun project<\/a> and have a big payoff at the end of the work.<\/p>\n\n\n\n

Unless she’s unfamiliar with Linux. Because that’s where the free<\/a> syslog servers live. Linux<\/a> is not an intuitive sort of thing, and learning<\/a> it can be a difficult and frustrating experience. Chances are, if this IT person is dedicated enough to get into Linux, she may have moved on to a better opportunity<\/a> by the time she knows enough to start up a Graylog server.<\/p>\n\n\n\n

Now, if she’s staying with the small company out of sheer loyalty (maybe a family member or other dearly loved one is running the company), she’s got to learn how to<\/a> do Greylog<\/a> after that bout with Linux. Once that task is done, she can turn on logging<\/a> on that firewall and create some rules in Greylog to alert<\/a> her on specific rule violations or when there are multiple violations of the same rule from a single host…<\/p>\n\n\n\n

… and then come back the next day to see her inbox swamped with alerts<\/a> from the syslog server. Now she’s in the final phase of implementation<\/a>, tuning the alert frequency. After that, she’s still faced with manually inspecting devices<\/a> that are generating the most alerts because that anitvirus solution at the small firm doesn’t have any monitoring tools<\/a> to go with it.<\/p>\n\n\n\n

By now, she is master of the firewall, syslog, a fair<\/a> amount of Linux, and how to find great deals on copier paper and toner. Not wanting to develop her copier paper ordering skills<\/a> any further, it is quite likely she’s ready to rationalize away whatever loyalty she has and move on to the next opportunity.<\/p>\n\n\n\n

And that’s the final obstacle for security solution<\/a> integration at small companies. Quite frequently, they can’t pay enough to keep motivated, skilled professionals on the payroll. They’ll either have to deal with unmotivated IT people that really don’t care to stretch their skills or turn to a firm that will place someone onsite 2 or 3 times a week to check on how things are going there. If the previous person set up an alerting system, they’ll use it. Maybe. But they sure aren’t going to build one out. That’s work well above their pay grade.<\/p>\n\n\n\n

So we follow our IT pro<\/a> to a medium-sized company. Here, she’s no longer a department of one. For sure, she’s no longer dealing with renewing licensing<\/a> for everybody’s softphones. She’s the security person, alongside the network<\/a> person, the sysadmin<\/a>, the phone<\/a> guy, the 3 techs that do operations<\/a>, and the wireless<\/a> person. Not bad, am I right? She can specialize now, no question<\/a> about it.<\/p>\n\n\n\n

Well, maybe there’s a few questions about it…<\/p>\n\n\n\n

For example, this medium-sized company has an AV<\/a> system, an IPS<\/a> here and there, a perimeter<\/a> firewall and a datacenter<\/a> firewall (different vendors<\/a>, to boot!), a syslog server<\/a> that is running at the very limits of the “free” offering from its vendor<\/a>, a proxy<\/a> server, and security is also in charge of the IPAM<\/a> and PAM<\/a> systems. There’s a good chance that our IT pro may not have heard of either IPAM or PAM and may even make the mistake of thinking they’re the same thing. But she’s on top of things and learns the difference between IP Address<\/a> Management<\/a> and Privileged Account Management<\/a>, and all seems well, except for the fact that she has to ramp up on 6 different technologies. There won’t be any integration until that happens.<\/p>\n\n\n\n

As she’s ramping up on those techs, she’s also responsible for supporting them. That means lots of explaining to users<\/a> and developers<\/a> why this security system or that one isn’t interfering with their application’s performance. She even posts this image in her cubicle and points to it as she sees a user or developer<\/a> walk up:<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

(On a personal note, I’ve used that image. It has yet to prove my case to a developer out of hand, but it does help to set the tone of the discussion to encourage the dev to look for other reasons why the app<\/a> isn’t working.)<\/p>\n\n\n\n

While that helps with the firewall questions (see my personal note), it does nothing for the constant requests to exempt websites from the proxy filter. She’s barely got enough time to read product<\/a> documentation<\/a>, so when is she going to find time to integrate those solutions?<\/p>\n\n\n\n

Moreover, how does she go about automating actions between the systems? It’s not like the firewall is built to take direct input from the proxy server. The syslog server seems to be the logical choice as a clearing house of information, but how can it be configured to send commands to one system or another based upon logging info that’s coming in from another source?<\/p>\n\n\n\n

It’s possible that the security systems<\/a> have an API<\/a> that can allow commands to be sent to them. It’s also quite possible that the systems *don’t* have an API, or that the API is such that the syslog system can’t send commands to it. Even if the API is one that the syslog server can interact with, our IT pro would then have to learn how to write code. If she’s lucky, she can borrow a developer for a day or three to help with the project. If not, then she’s got a steep learning curve ahead of her if she’s never really done programming<\/a> before.<\/p>\n\n\n\n

But there’s also a fair chance that she won’t have to do all this alone. It’s entirely possible that the medium-sized firm has enough wherewithal to contract professional services<\/a> from a vendor. If that can be done, then she can stay focused on her day-to-day work while the vendor’s pro serv person hacks<\/a> out the code<\/a> and does a knowledge transfer at the end of the engagement.<\/p>\n\n\n\n

Now, I need to make a disclaimer here because I am part of a professional services team for a vendor. While someone could accuse me of wanting to feather my own nest, the truth is that, as a customer, I have benefited greatly from vendor professional services. They are definitely worth looking at.<\/p>\n\n\n\n

The pro serv route is also available at the large company level. If we have our IT pro start a career<\/a> at a large firm, she’s going to find that she can specialize more in the technologies she works with each day. This means that, while she gains a deeper knowledge of just 2 or 3 systems, she’s also no longer connected to *all* the systems. Other people on her team, possibly even other teams entirely, will handle those systems. Integration now means not just mastering the technology, but mastering the political considerations that go with cross-team projects. Will the integration mean one team or the other takes over a technology? If both teams manage the system, which managers are responsible for which functions?<\/p>\n\n\n\n

One of the stickiest questions is: will we wind up stretching one product to fill a role that is actually better suited to another product? Added to that one would be: which systems does it make sense to integrate with which other systems? Both of these questions deal with lines of demarcation, where one system ends and another begins. For example, at what point does the antivirus protection<\/a> end and the vulnerability scanner<\/a> responsibility begin? Which has priority over web<\/a> traffic, the data exfiltration<\/a> protection<\/a> or the proxy server?<\/p>\n\n\n\n

While any integration at the small or medium sized company was done pretty much as a solo or very small group effort, the large company integration could very well be impossible without a multidisciplinary product team, with an oversight committee made up of about a dozen operational and service-line managers.<\/p>\n\n\n\n

Like I said, “get all the security solutions to work with each other” is easy to say. Getting progress on that task means understanding the obstacles and then figuring out how to clear them out of the path.<\/p>\n","protected":false},"excerpt":{"rendered":"

The sentence is simple: get all the security solutions to work with each other. So how do different sized firms deal with that directive? At the small company, the good news may be that there are only one or two solutions to work with. The bad news may be that they’re small business solutions that don’t have full enterprise features for integrating with […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-2533","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2533","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2533"}],"version-history":[{"count":1,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2533\/revisions"}],"predecessor-version":[{"id":2534,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2533\/revisions\/2534"}],"wp:attachment":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}