There's a great post over at infosec-island, commenting on the cultural, procedural and technical problems that appear to be still present in infosec environments.
All of the reasons are pretty much spot-on, but the following stuck out from our technology perspective:
6. The tools you use are ineffective (they don’t really work) and inefficient (they cost way too much)
5. Your security vendor is lying to you and why shouldn’t they, you believe them
2. Your dealing with the exact same problems you dealt with a decade ago, only it seems so much worse today then back then
It seems to me that reasons 2, 5 and 6 are interlinked. After speaking with someone we know at a local data centre, as well as folks at a local MSSP, it's clear that the lack of innovation in this domain is stark to say the least. As Niladri highlights, all of the trade shows he's been to in the past, in his other life in other industries, have had some form of innovation. Information Security? Nope. Nada. Nothing. The path that most of these guys are on is BIGGER FASTER MORE of the same old stuff that's becoming increasingly obsolete.
No comments:
Post a Comment