The information security landscape is evolving daily and it seems like there are just as many products out there as there are exploits. For example, there are intrusion detection systems (IDS), intrusion prevention systems (IPS), file integrity monitoring (FIM), data loss prevention (DLP), next-generation firewalls, anti-virus, anti-malware, email gateways, honeypots, and even products that use artificial intelligence and behavioral analytics to find threats on your networks.
With all the potential solutions out there, it’s easy to get overwhelmed when all you really want to do is protect your network and ensure maximum availability. I’ve seen many approaches to securing a network, from the easy-but-extreme example of air-gapping a network, to going overboard and purchasing as many security products as possible. In security, as with anything, you must strike a comfortable balance between securing your network and not interrupting your users’ workflow while still balancing budgetary concerns and time constraints.
I saw a need for someone in security to strike that balance and cut through the FUD (Fear, Uncertainty, and Doubt), which is why I submitted my article “Malware and How to Deal With It” to the ISSA Journal. It was selected for publication in the Journal’s July 2015 issue and as one of the four best articles of 2015 for the December issue. I hope you enjoy reading it as much as I enjoyed writing it.