By Matt McKinley, US Director of Product Management, Stonesoft
The MSPAlliance welcomes a guest post from Stonesoft, Inc. (www.stonesoft.com), a global provider of network security solutions to MSSPs, enterprises and government organizations.
The cost of network security has risen dramatically over the last five years. As such, not every company can deploy the breadth and scope of security that they would deploy if they had an unlimited budget. MSSPs have a unique responsibility to help cost-conscious customers deploy the best security measures they can within their own budgetary and resource constraints.
Here are three steps to developing a network security strategy that strikes a balance between offense and defense:
Pinpoint weaknesses: It’s imperative to understand the weakest links in a client’s network so that the appropriate counter measures can be implemented. For some, this may take the form of education, for others this may involve fortifying a particular area of the network. Regardless, spending the time to identify it now will stave off disaster in the future. If you don’t know where the weak spots are, hackers will certainly find it.
Determine costs of protection vs. avoidance: In an ideal world, protections would be deployed at every intersection of data traversal. The reality is that choices have to be made regarding the most important assets and how to protect them. MSSPs must help companies evaluate which assets are acceptable to risk, which are not and costs associated with both. When this understanding is reached, security devices and controls can be repositioned or reformulated to ensure that the most critical assets have the proper level of protection. Avoidance, on the other hand, may be necessary to ensure that other, more critical, assets are well protected.
Understand false causality: Last, and certainly not least, is the understanding that statistics have a certain value, but should serve more as a data point in multi-year trends. Particularly in the case of a sensitive subject, such as security, following statistics in making decisions can be dangerous. Every network, business and industry is different and statistics don’t always reflect such. In the never-ending game of offense and defense in the world of security, would you want to leave anything to chance?