Hacker summer camp is over. The vendor hall of Black Hat USA was a bazaar of solutions waiting to “solve” every information security challenge you might face. There were products and services displayed on miles of conference center floors. They offered security nirvana via an easy purchase order and one-click install.
The truth is many of these vendors have incredible offerings that address complex security challenges. However, I am here to tell you a secret: the hottest security technology isn’t an appliance, service, or piece of software, but it can make each of these things better.
Are you ready? Here it is… documentation.
The oft-forgotten, deprioritized, and time-intensive process of creating documentation is the strongest weapon in the information security arsenal. There isn’t an out-of-the-box toolset that can anticipate your business goals, what needs to be protected, how systems communicate, or your most valuable data.
Having relevant documentation illustrating your critical systems and data will enhance any new product you may purchase in these ways:
Understanding what you need to protect and why will help you make better choices regarding the problems you’re trying to solve. You can avoid the “solution looking for a problem” trap by utilizing accurate knowledge of your environment to validate that you chose the best tool for the job.
Need for Speed
Deployments go faster when you have a clear definition of what you’re trying to protect. By removing much of the design guesswork from implementing a system, you can bring new security controls to maturity faster.
How do you know your new security technology is monitoring everything it should? How do you validate controls? How do you test a new tool during a proof of concept? All these questions are answered when you have accurate documentation around your systems and technologies. Using documented knowledge, you can design tests to reduce errors that weaken your security controls.
Harder, Faster, Stronger
Documentation is security endurance. You build up the “muscle memory” that allows you to execute new technologies with less effort. You are no longer wasting energy defining the scope of your new security deployments. You can save resources for the deployment of advanced features instead of wasting time and money figuring out the basics.
No auto-magic cloud-based one-click wizard can give you the deep understanding of your environment that good documentation does. Documentation can be the difference between shelfware from last year’s capital budget and the deployment of robust, mature security controls.
About the Author: Ean Meyer is an information security professional working in Central Florida. Ean’s current focus areas are PCI, SOX, Intrusion Detection and Prevention Systems, Information Security Program Management, Penetration Testing, and Social Engineering/User Awareness Training. Ean has a BS in Information Security and an AS in Computer Network Systems. Ean also holds a CISSP certification. He can be found at: https://www.eanmeyer.com
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.