Security-vendor snake oil: 7 promises that don't deliver

Beware bold promises from a multibillion-dollar industry that can't prevent your IT systems from being routinely hacked


Every company I know that's implemented smartcards is just as thoroughly hacked as the companies that haven't. Smartcards do give you added security, but it's only a small amount and not in the places you really need it. Want to stop hackers? Improve your patch management processes and practices, and help your users refrain from installing stuff they shouldn't. Those two solutions will work hundreds of times better than smartcards.

Making the best of a compromising situation

Today's computer security world is a crazy, paradoxical one. Computer security companies are collecting billions of dollars from customers who are still routinely hacked.

Firewalls, IDSes, and antivirus programs don't work. How do I know? Because most companies have all these security technologies in place, and they are still compromised by hackers, almost at will. Even our good, reliable, secure encryption is mostly meaningless. Either hackers go around the crypto (by directly attacking the target in its unencrypted state on the endpoint), or the cryptography is poorly implemented (the OpenSSL Heartbleed bug is an example).

As a result, we security professionals are knowingly accepting that our computer security defenses are partial at best, while our vendors tout their solutions as incredibly accurate and impenetrable. It ain't so. We're being sold snake oil and being told it's sound, scientifically researched medicine.

What's a defender to do?

Well, push for real solutions. Take a look at how your environment and systems are being compromised on a daily basis, and push for solutions that fix those real problems. Don't get lost in the myriad promises of computer security products.

Me, I trust the vendor who tells me the truth, warts and all. I understand his product won't solve all my ills, and I know his product can't be 100 percent accurate. Avoid vendors who claim otherwise.


This story, "Security-vendor snake oil: 7 promises that don't deliver," was originally published at Follow the latest developments in security at For the latest developments in business technology news, follow on Twitter.
