taking back security

After reading far too much vendor-crap this week, and publications and reports whose basis is in the industry (“We now need to get away from firewalls and IDS and protect data…” translates into “We’ve saturated firewall and IDS markets and need to drum up the next big market to hawk our warezin…”), I’ve decided that security professionals (and IT in general) need to work hard to take back our reports. We need to wade through and chase away the ghosts of all these vendors pushing their own agendas as the next big thing, and get back to reality and what really needs to happen.
For all the hype and reports, you’d think we don’t need patch management, inventory control, or firewalls anymore. At all. Or that once these things are implemented, that’s it. Move on. Fuh-geddaboutit! Oh wait, we need to monitor and update and take care of these things and check logs and stuff? Wha…?
Yes, we need to take this all back and let the vendors shout noise at each other in the ad-driven mags. We need to make doubly sure that all this noise doesn’t blow in the face of our managers like so much thick hot air, sending them off to chase the next big thing and dragging us all with them whether it works or not.