hello and welcome back to revenue protection as a C so
and this module will discuss how to maximize your budget
the need to focus on the basics.
The average enterprise uses 75 security products to secure their network. 75. That's a lot. Um,
there's a lot of noise, a lot of monetary and testing
secure organization, right? It's a lot of updates to your team. Is spending or likely spending more time configuring, maintaining and telling these tools? Then they are responding the threats. This is not what defense in depth should be. This also causes alert, fatigue and burnout.
It is likely that there are tools in your environment that are underutilized and can be eliminated. Also look for vendors. Deccan offer platforms that can be expanded as your needs change.
So 75 security tools
I've definitely worked in organizations where,
you know, there was a tool to manage the tool
two security tool that managed the tool and it was kind of like dominoes. Right? Was kind of like the movie inception, like how deep can you really go?
And what ended up happening was analysts. Admissions were getting so many alerts and e mails that would create rules and just filter stuff out. And
things just will go unnoticed until they actually crash on. And that's definitely not what you want on your security team.
I'm so when you're designing and deploying tools, your procuring things,
just keep that in mind. Why am I buying this to what problem is it solving? Is it a my picking up a point solution that only solves one problem
or my looking to procure a solution that can solve multiple problems and potentially eliminate
some other tools?
Then let's talk about needs. Vs wants.
A lot of times we definitely want the new shiny, uh, the blinky boxes. That's what that's what we want. But is there a need? Um,
focus on the gaps
filled the gaps and, you know, always we don't always need new tools to fill gaps. We just need to look at what we have and implement additional controls.
Um, in the tools that we have, instead of going for the latest and greatest or what's the current buzzword? Best of breed. Right?
is there open source action?
Open source tools have come a long way. Obviously, there can security concerns about using open source tools.
Make sure you're scanning before you deploy.
Um, make sure that you have the expertise with it within your team, our in house to maintain these open source tools because they do change frequently and option and also consult with your team. Because again they're on the frontlines of technology and the trends day to day. They talk most themselves into their peers.
Um, so instead of making a ah decision in a vacuum, be collaborative
and talk to your team and ask them if they have any suggestions.
Focus on the basics
again. I know we like those blankly boxes. I love him. I love new technology, but oftentimes, you know we go after next. Gen Best of breed machine learning ai All the buzzwords.
But doing the basics can go a long way to reduce your attack surface. And it won't blow the budget
Asset management. Do you know what you have? Do you know what's on your network?
Vulnerability management. Once you discover what's on your network, is it passed? Is it up to date? Do you know,
um, does everybody have local admin? Are you enforce at least privilege. We talk about work from home earlier through all of your in points that are now in various ah people's homes and states on untrusted networks. Do they have local admin rights?
Can they just install anything that they want to,
in your corporate environments? Is your network properly segmented? Are your workstations separate from your servers? Um, you'd be surprised at the answer to that question. Maybe you would,
um How you delivering? Security awareness training.
Please tell me, is that by power Point and clicks there are great free
or next to free
security awareness training providers out there that won't bust the budget. But that'll give you a leg up on death by PowerPoint. So speak. Are you implementing the C I. A s top 10?
Ah, couple of the bullet points here that I pulled asset management of vulnerability management. At least privilege are on the CIA's list. Those are things that view an active directory.
Um, you can definitely and forth leaves privilege to a degree
within active directory asset management. There in map. Do you have em? Ascanio network in map is free. It may not be
the most intuitive to, but again
enforcing the basics. The fundamentals of security
will go a long way in ensuring the secure
delivery of services in your organization reducing your attack surface. And also, it will show that you don't always need the latest and the greatest to provide security, which in the long run
to your CFO or your finance office
that you can make do
and you did may do without a big budget. And next time around they may increase your budget.
So we've reached the end of our course.
I hope that you have, um, enjoyed it thus far. And now that you
have a better understanding of what the business suspects from the sea so how you should communicate in business language, how to identify opportunities, protect to protect and potentially generate revenue. And how to gain stakeholder by in and build trust
and how to manage needs versus wants. Thank you again for your undivided attention and until next time