The cost of “State of the Art” security

There is nothing special to it, really.
Did you think I was going to spend hours describing the costs of different IPS/IDS systems, the cost of monitoring, etc.? No.
I love simple solutions, and this post will be just as simple.

The cost of the “State of the Art” security is exactly the cost of one cheap computer for each employee, and the cost of a completely separate network, tied to the cheap computers.

I’ll explain now.

How do most security breaches occur? Via browsing, via e-mail attachments, and via social engineering in social networks (that is today; yesterday it was mostly the phone).

So… in order to protect your company, what have you done until now? Yes, you purchased all these security systems, and your computers/servers/users are still being “owned” by attackers. Why? Because you’re doing the silliest thing one can do in a modern dangerous world – you’re exposing your most critical IT resources to the Internet.

Separate them.

Let your users have one computer (or it could be virtual if your workstations are good enough) for browsing, reading e-mail, chat, etc. And let them use another computer for access to the company's critical IT systems. (I will write a detailed article on this for CIO, so stay tuned for more details.)

Does it cost much? No. Basically, it’s just a monitor and a cheap PC – say… 400 USD per seat, including the cost of building the separate network. That is a small cost compared to what you could lose in a breach. To be honest, I would prefer the virtual solution – but it completely depends on your environment. Just keep in mind that for the virtual one you will need to add one additional network card in each PC or server, and you will still need to build the completely separate network and use that network for the virtual machines.