Comments on: Real Data Does Not Lie – Existing Security Controls Are Failing http://www.paloaltonetworks.com/researchcenter/2009/04/real-data-does-not-lie-existing-security-controls-are-failing/ The Palo Alto Networks Research Center Blog Wed, 25 Aug 2010 09:13:24 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: mkeil http://www.paloaltonetworks.com/researchcenter/2009/04/real-data-does-not-lie-existing-security-controls-are-failing/comment-page-1/#comment-413 mkeil Mon, 06 Jul 2009 17:21:37 +0000 http://blog.paloaltonetworks.com/?p=153#comment-413 Great question Scott. I think that one reason they still exist on the network is exactly as you state. They had no idea. Our customers are using the product as a means to fist learn what is on the network, then use that data to make more informed decisions. The era of blocking any strange application is gone. IT can't do that without user and/or executive backlash. Deciding what to do with applications like P2P and external proxies is an easy one. However, deciding what to do with IM, or streaming media is more of a balancing act. One is a productivity tool the other may help improve morale. Case in point. We had one customer who put our box in, started blocking many of the applications found and the influx of help desk calls was so great, they decided to increase their BW pipe AND then re-write their application usage policies around the use of these applications - making it more of a perk. They allow the applications and the scan them for threats. It is a win-win scenario. Thanks for reading. Great question Scott. I think that one reason they still exist on the network is exactly as you state. They had no idea. Our customers are using the product as a means to fist learn what is on the network, then use that data to make more informed decisions. The era of blocking any strange application is gone. IT can’t do that without user and/or executive backlash. Deciding what to do with applications like P2P and external proxies is an easy one. However, deciding what to do with IM, or streaming media is more of a balancing act. One is a productivity tool the other may help improve morale.

Case in point. We had one customer who put our box in, started blocking many of the applications found and the influx of help desk calls was so great, they decided to increase their BW pipe AND then re-write their application usage policies around the use of these applications – making it more of a perk. They allow the applications and the scan them for threats. It is a win-win scenario.

Thanks for reading.

]]> By: Scott Smith http://www.paloaltonetworks.com/researchcenter/2009/04/real-data-does-not-lie-existing-security-controls-are-failing/comment-page-1/#comment-412 Scott Smith Thu, 02 Jul 2009 20:50:46 +0000 http://blog.paloaltonetworks.com/?p=153#comment-412 I'm really surprised by the #s and don't think most IT managers have a clue as to what is really happening on their network. Fact of the matter is, most appliance-based control solutions are long on control features and lacking in true report visibility. For example, the one IT guy who said "Websense blocks all P2P activity" yet we showed him several instances where P2P activity was still active under the WS radar screen. Indeed, real data does not lie. Real data however, isn't all data and to get that real data comes an expensive price tag and many promises. Moreover, real data isn't so much the problem. It's missing data that still confronts everyone who buys an "all-in-one solution" and expects their problems to be solved. Signature-based or content-based controls are attempting to do what anti-virus vendors cannot: stop dynamic content on the fly. Patents, features and promises aside, someone --a person-- has to make a decision about everything on their network. Most IT managers, based on my experience, don't have the time or resources at their disposal to know what's really happening. If they did, why are these applications still there? I’m really surprised by the #s and don’t think most IT managers have a clue as to what is really happening on their network. Fact of the matter is, most appliance-based control solutions are long on control features and lacking in true report visibility. For example, the one IT guy who said “Websense blocks all P2P activity” yet we showed him several instances where P2P activity was still active under the WS radar screen.

Indeed, real data does not lie. Real data however, isn’t all data and to get that real data comes an expensive price tag and many promises. Moreover, real data isn’t so much the problem. It’s missing data that still confronts everyone who buys an “all-in-one solution” and expects their problems to be solved. Signature-based or content-based controls are attempting to do what anti-virus vendors cannot: stop dynamic content on the fly. Patents, features and promises aside, someone –a person– has to make a decision about everything on their network. Most IT managers, based on my experience, don’t have the time or resources at their disposal to know what’s really happening. If they did, why are these applications still there?

]]> By: Firewall 2.0 » Found On Lifehacker - an easy way past workplace security controls http://www.paloaltonetworks.com/researchcenter/2009/04/real-data-does-not-lie-existing-security-controls-are-failing/comment-page-1/#comment-411 Firewall 2.0 » Found On Lifehacker - an easy way past workplace security controls Tue, 28 Apr 2009 22:27:40 +0000 http://blog.paloaltonetworks.com/?p=153#comment-411 [...] talks a little about circumventing applications in this post, and they are covered extensively in our Application Usage and Risk [...] [...] talks a little about circumventing applications in this post, and they are covered extensively in our Application Usage and Risk [...]

]]>