Analyst & Research Reports

O'Reilly Modern Defense in Depth


In addition, many of the security technologies deployed require various skill levels to effectively deploy, tune, and manage, adding to their overall costs. The various technologies also come with their own support, maintenance, and renewal costs, in addition to end-of-support and end-of-life announcements.

For organizations to gain measurable value from the technologies they purchase and deploy, they must be able to implement the technologies to their fullest ability. In many cases, before the technologies are completely deployed, operators are pulled away from deployment and tuning activities to work on new or more critical projects. As a result, the "complete value" of the solution is never realized because it has been marginally deployed.

Finally, and often because of industry consolidation, even if an organization deploys a single vendor's solutions, the systems still do not communicate with one another, increasing cost and complexity overall.

Marginally Deployed Web Application Firewalls

The number of organizations that have invested in hardware-based web application firewalls (WAFs) to protect their public-facing web applications is enormous. However, many organizations have deployed their WAFs out-of-band, in monitor mode, or have never adequately tuned the WAF rules to their fullest capabilities.

Attackers Understand How Security Technologies Work

Today's cyberattackers fully understand the shortcomings in the security technologies that organizations deploy, as well as the way they are deployed. For example, attackers know that almost every network today is protected by a firewall. However, attackers still know how to gain access to internal networks quite effectively, right through firewalls.

Because attackers can't penetrate the firewalls from the outside, what do they do instead? They take advantage of unsuspecting computer users and phish (fool) them into taking some sort of action. The action on the user's behalf can be as simple as clicking a link or

2 | Chapter 1: What's Not Working, and Why?
