Over the weekend, I read an article from the New York Times discussing a new IT security product from Vectra, based in San Jose, CA. Not sure if it was just a high priced commercial, but the article discusses how having a layered strategy when it comes to IT security is not enough. We at Precision IT Consulting preach to our San Francisco Bay Area clients that just having AV or a firewall is not enough, you need to implement other security measures such as: end-user training, password policies, vulnerability management, automated patching, AV, and firewalls. According to Vectra, this is still not enough because firms that lock down everything spend most of there time chasing false positives, updating software or getting users access to the network. I do not necessarily believe this, especially with our clients which are Small to Medium sized businesses. This may be the case for enterprise sized organizations, but not in the SMB Space since much of this can be automated. In any case, we do believe Vectra would be a great fit on top of everything we are currently doing as it would give us the ability to see what is really going on within a network if it does what it claims.
To learn more, review the following article from the New York Times: http://bits.blogs.nytimes.com/2014/08/30/getting-a-clear-picture-of-a-computer-networks-security/?ref=technology
Interview with Vectra CEO on Bloomberg: http://www.businessweek.com/videos/2014-08-05/the-security-firm-backed-by-condi-rice-jerry-yang