Firewall Wizards mailing list archives

Re: State of security technology for the enterprise


From: Marcin Antkiewicz <firewallwizards () kajtek org>
Date: Thu, 30 Apr 2009 00:13:24 -0500

The underlying architecture is very important to providing control.

I doubt that the original poster's question can be answered without
the rest of the relevant information. What is the environment? What
systems/data will be protected? Under what regulation? What budget?
How big is the staff? What's the infrastructure? What's the
organization's experience dealing with IT Sec risks?

A laundry list of technology is meaningless - each of the pieces must
work with the others, and satisfy some business need. If the latter
part is neglected, funding tends to dry up in 2-3 years. Justification
to the business does not have to be extravagant, but it must be well
done, and in language and context that the business understands.

ArkanoiD is correct, the biggest Sidewinder is worthless if the
application folks decide to include passwords in JavaScript. I know of
a few places that try to correct such creativity with iRules on F5s,
but that's just a race that the org is going to lose. Sidewinders and
F5s are not needed, secure SDLC will fix that problem. Add decent
development process to Sidewinders and the F5s and the org will be
doing quite well, but that's very expensive - requires cooperation of
IT Sec and App Delivery, which cannot be purchased.

I think I am trying to say that Security is a process, and cannot be
bought (in a sustainable manner). But that we all know already.

--
Marcin Antkiewicz