The responsibilities of network administrators and security managers at mid-size companies today can seem like an “no win” situation. They are accountable for securing their organization‘s network technologies with limited budgets and even more limited staff resources. Meanwhile, their network technologies are constantly evolving just as new and more deadly threats emerge almost daily. They must also create and maintain security policies and ensure that these policies are carried out to demonstrate regulatory compliance and avoid liability risks for their companies.
Finding solutions to help manage these challenges creates another dilemma for IT directors and managers. The sheer number and variety of network security products and services can be overwhelming—not to mention the cost and effort of implementing these vendor offerings.
As described by eWeek columnist Larry Seltzer: “Just imagine if you were actually to implement all the security products that you can‘t, of course, do without,” he says. “There‘d be no money left for lunch, let alone the actual applications to do work with. And all of them create some new administrative burden for which you probably don‘t have bandwidth…How can you sleep at night knowing you‘re exposed due to your dereliction in not implementing these critical security systems?” (1) However, throwing up your hands in frustration and doing nothing is not an option because the internal network security risks is simply too great.