Simplifying Security: Choose the Right Toolkit, not Tool.
I applaud many of our customers for being smart. Not to say other people are not, but they have made a specific choice in the past based on an understanding. They understand that a single security solution to make your IT environment safe, simply does not exist. It is the combination of tools, or your toolkit, which does. For this same reason, a carpenter has a tool chest, not a single tool.
As a founder, I get to see the feature requests. Many of them, which sound great on paper, simply do not belong in our product. Why? We focus on auditing of Unix based environments. So extensive logging features are not part of our product (for that you might want to use Splunk or other tools).
These feature requests made me think about the following question: why do we want to have just one single solution for things?
Pros and Cons
Some benefits of one solution are immediately clear: good integration, usually cheaper, and less overhead. On the other hand, one solution is often also a compromise on specialization benefits. Another issue with having too much functionality into 1 tool is that it becomes harder to use. After all, more functions have to be implemented, making the user interface harder to use. Going back to the carpenter, he would have to handle a tool so big in size, it is impossible to use.
Making Security Simple
If you want to make security simple, you should start at the beginning. It is the place where you look at your threats to your business and operations. Second are the involved risks, from business to technical risks. If the threats and risks are clear, you can start with creating your toolkit. You select the right tools for your personal toolkit. Some companies might put additional focus on logging and event management, while others focus on malware.
The Unix Way
In the field of Unix administration, we apply the rule “do one thing, and do it really well”. It is for this particular reason why Unix based systems are stable. Each tool is doing one single thing. For unclear reasons, we don’t want to apply the same when it comes to security. Maybe because it is still seen as a necessary burden? In any case, there is a lesson to learn from this. Small and simple things, usually are a lot stronger. If you want to have a powerful tool to solve a problem, select the product which is specialized in that.
Building Toolkits
If you are building your toolkit, you might wonder where to start. After all, there are so many tools available, both commercially and open source. As an extension to the carpenter analogy, let’s go from there. If the carpenter wants to keep his toolkit up-to-date, he will determine what kind of work he did lately and what is there to come. Within the world of security we should do the same. Too often, we rush into making a product purchase while we don’t really know what we need.Better planning helps to create
Better planning helps to create budget and become more proactive to deal with known and unknown threats. For example, if you are a hosting company, you might not have to deal with malware currently. If you did your risk assessment properly, you will know there is a fairly high risk of websites being infected with spam scripts. So this is a great start for filling up your toolkit with tools.
Just filling your toolkit with similar products, is a recipe for disaster. Your toolkit should have a variety set of hammers, screwdrivers, and measuring tape. We need tools to measure, like one tool for intrusion detection. Another tool might be there to limit access, or prevent something from happening at all.
Conclusion
There is no “one size fits all” tool when it comes to security. Consider yourself the carpenter who needs to work on different projects, and select the appropriate toolkit for the job. If you are in the process of selecting a new solution, drop the “it needs to have all” and consider combining more tools. Create your own toolkit, to do your job easier, using the power of each single tool.
Happy hardening!