Australian companies are still missing the mark when it comes to IT security, struggling with individual technologies such as antivirus solutions and running software patches instead of shifting the focus to risk assessment and holistic infrastructure design.
As most vulnerabilities are known and there is only a small percentage that are exploited, TruSecure Australia and New Zealand vice president Anthony Turco believes the focus should be on risk assessment processes and policies developed from extensive security research and historical data.
Turco said TruSecure employs a methodology that is individually tailored to suit the enterprise based on what products are already deployed although the IT security services company can help design infrastructure changes.
"We undertake network testing and do a risk assessment that covers everything from the desktop through to physical security. For example, if you have a firewall we advise on how it can be configured to take into account certain things," he said. The list of essential practices include ensuring that proxy servers and mail filters are properly configured, which can reduce security threats by 20 times.
"You can outsource your firewall and intrusion detection system (IDS) and have it managed by a vendor, but that doesn't reduce risk; hosted services are simply a point solution just like a technology that addresses an individual issue," Turco said.
"We do not sell products; we are not like IBM or CA which come, in do an assessment and then offer product solutions; we get the enterprise to a certified level and then do two re-assessments during the year with analysts going on-site as well as an external assessment four times a year."
Last month TruSecure acquired Vigilinx, including the security intelligence product IntelliShield which combines workflow features with a database of threats and vulnerabilities and customised filters to provide early warning alerts to customers. IntelliShield can be customised to the technology and applications the customer has already deployed.