Москва Антихрист

Thursday, 6 March 2008

Accepting Complexity a Key Step to a Secure Environment

This is an exceedingly useful article from IT Security. For the past couple of decades, security professionals and those trying to push various forms of malware have played a high-stakes game of cat and mouse. Consequently, many approaches to data security have emerged, each protecting against one strain of vulnerability. This complex mosaic of solutions means that one security tool can overlap with another. One layer up are approaches — such as network access control (NAC) — that federate the localized products into a more comprehensive offering.

The article attempts to make some sense of this highly fragmented environment; it lists nine questions that those in charge of security should put to vendors, integrators or other experts. The writer doesn’t advocate a particular approach. Rather, he lays out a first step toward helping businesses find out how the various available approaches (for instance, whitelisting, access control programs and behavior-blocking) can be harnessed in a flexible and efficient manner. The piece describes what each does and whether one makes another unnecessary.

The story offers no answers. Its usefulness is in helping those charged with protecting organizational data — but perhaps untrained in the niceties of security — to start organizing their thinking.
