I have a small dog at home. He is a Havanese; if you have ever seen these dogs, they are a wonderful breed. Clean, friendly, not aggressive at all. And he is alert; I mean he is really alert. Our home has lots of windows and our back patio has a view of the neighborhood on both sides of the corner. So he has a lot to be alert about. And he does not miss a thing. And he is not aggressive, so I am not worried about him attacking anyone by being overly protective. Buddy is the ultimate data security system, possibly even better than a person. And he sure does cost a lot less than a person. So why am I telling you about my dog?
What Is Your Alerting System?
This is not a technical blog and this is not a technical blog post. But serious consideration needs to be given to ensuring that your data is protected by the correct alerting. Buddy can be fast asleep in the middle of the night, and if there is someone or something outside he will know about it. That is exactly what you need. You need to ensure that your security posture calls for aggressive alerting that lets your IT staff know before there is an attack, and that does so by default. The alerting should report back to your IT management so they are informed of trends and patterns as they develop and you have time to mitigate them. This information should be available to management so it can be applied to your security policy in preparation for future events. Remember, your security posture is a living, breathing thing; it is constantly moving forward, just like a shark. When you stop moving forward, that is when you get hit. Your alerting should do all this in an informational way, just like Buddy, so you are not cutting off potentially friendly vendors or customers because your alerting system is too proactive. Always remember you are defending, not attacking.
IT Staff Is Too Busy
Most IT staffs can barely keep up with what their daily duties normally involve: fixing something that is broken. So most IT staffs do not have the correct alerting systems in place. And if they are asked to figure it out, as some companies do, it is usually done ineffectually or incorrectly, because all they are being tasked to do is get something in. They are not security professionals. So they do an RFP or talk to some vendors; they may even test one or two alerting systems or services. But at the end of the day, if there is no effective security posture, with standards and metrics on alerting, that has been properly communicated down to the IT folks, the alerting will not be effective in stopping that next attack. Who is going to do the reporting, and to whom? What needs to be in the reporting? So ask yourself who is your Buddy, and is he doing his job to help you protect your data? I know I am protected.