LinuxSecurity.com
Packaged Security Software: An Alternative To Expensive Consultants
Source: securitypipeline.com - Posted by Vincenzo Ciaglia   
Security consultancies will tell you that the explosive growth of system vulnerabilities and the risks of not complying with regulatory requirements, such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA), require network architects to purchase vulnerability assessment (VA) consulting. We say, "Why bother?" Packaged VA solutions provide an affordable basis for systematic, repeatable methodologies that demonstrate compliance if used correctly (see "VA Deployment Tips" on page 49). The packaged VA solution architectures carry a common theme: They have matured to the point where inexperienced administrators can perform the sorts of security scans and analysis that were once the domain of hardcore security engineers.


What's more, they cost a lot less than VA consulting. We know, because we ran an in-depth TCO analysis of the VA products and services on the market. We priced VA solutions (see "TCO Analysis Details") that will detect and suggest ways to remediate potential application-, transport-, and network-layer holes in a company's security posture. Prices quoted here are list prices; street prices will likely be less. However, the most important items to consider are the internal costs for each solution, so we'll concentrate on those.

We found that while a consultancy's one-time scan of a large DMZ can cost between $250,000 and $350,000, that price would cover a substantial portion of a very large VA deployment, which on average runs $752,000. Third-party consulting services are most appropriate for either one-time or periodic scans and audits of key networks, such as critical servers like those in a DMZ that hold financial or confidential data.

Read this full article at securitypipeline.com
