The Vendor, The MSSPs and The Consultant

I have been waiting for quite a while to write something about my experience with vendors, MSSPs and consultants. This is my own opinion and is not targeting any specific entity. I have worked with multiple vendors, MSSPs and consultants, and what I have always noticed is the “OUR” attitude. I do understand they are here to make money and sell their services/solutions, but there is nothing wrong in sprinkling it with some honesty.

  • Vendors – Buy our products and you will be safe.
  • MSSPs – Subscribe to our services and you will be safe.
  • Consultants – Implement our recommendations and you will be safe.

We all know that once you are connected to the Internet, eventually someone will target and successfully gain access to your systems. It’s not about ‘if’, it’s about ‘when’ (SANS GCIH). There are no “PERFECT” systems. There are ways to access air-gapped systems too, but that is beyond the scope of this article.

As I see it, vendors are for detection and prevention. MSSPs are more reactive, but they have a lot of customers and few eyes, and sometimes those eyes are not very experienced. As for consultants: how many consultants have actually used the product that they are endorsing/recommending? Wouldn’t it be good if they recommended a product/solution that they have actually used?

This attitude is one of the many reasons why organisations get breached. Of course, security awareness and correct implementation of security controls are also required, but imagine if all three worked together and provided honest, correct and proactive solutions to customers: it would be a completely different picture. Also, organisations need to invest heavily in people. A lot of organisations rely on outsourcing their security and depend completely on the providers. This concept is wrong, and every organisation should have an internal security team with expertise in multiple areas to have additional eyes on the organisation.

Understand: our adversaries, CYBER CRIMINALS, work as a team and with a strategy, and we should too.
