Paul Lawrence at Corero Network Security on why selling security is just like a football match
When you look at IT security and the channel, you wouldn’t immediately think there were many similarities to a game of football, but the two have more in common than you would think. Most notably, it’s about how you position your players.
There are many varying channel strategies; some prefer to work with just one or two key resellers, whereas others prefer to have a large channel with numerous partners and resellers. The key to any good channel strategy is making sure that everyone is happy, and to do that you have to ensure that the players are working effectively together as a team.
In their own right both Wayne Rooney and Robin Van Persie are world class footballers, but as a pair they are formidable opponents. They work together to get the best for their team, yet there is always going to be some friendly competition to fight it out as the top goal scorer. The same can be said for vendors, distributors and resellers. Everyone wants to sell well, and by working together all three can maximise sales opportunities rather than competing against each other.
Playing a 4-4-2 against new threats doesn’t work
Just like the channel and just like football, network security architecture relies heavily on how you position your devices (players). You certainly wouldn’t want to be putting a striker in goal, and vice versa, yet as the modern threat landscape evolves, we are seeing more and more that firewalls are increasingly being used in the wrong place within the network.
Security is a complicated business (not as complicated as explaining the offside rule), but knowing where to position your players is half the battle. However, what many IT managers are now seeing is that, even with the latest and greatest technologies and with firewalls sitting in front of the network, they are still being breached. With the advancement in the sophistication of malware, Trojans and Distributed Denial of Service (DDoS) attacks, as well as unwanted traffic at the edge of the network, the issue of where to put your technology within the network comes to the fore.
No one can argue that there hasn’t been a significant rise in DDoS attacks over the last couple of years, and these attacks in particular have become alarmingly powerful as they are routinely able to overwhelm a firewall. The attacks have reached a level of sophistication that firewall technology cannot protect against as they are not designed to handle large volumetric attacks. The firewall dictates what services may be used, but not how they are used. This enables attackers to misuse the allowed services, which eventually compromises the firewall’s performance.
Just like a talent scout is constantly watching for new players, so too are competitors monitoring websites, constantly screen-scraping for the latest prices and news. Although not attacks, per se, screen scraping can have a significant effect on a network, slowing down vital services and preventing legitimate customers from accessing a site. Adding servers and upgrading firewalls won’t be able to stop this unwanted traffic.
However, that’s not to say that firewalls are not still a key part of network security infrastructure, but due to the changing nature of threats they can no longer be used on the edge of the network. Firewalls are no longer most effective as a centre forward; they are far more suited to play midfield. To protect against increasingly dangerous threats, a new ‘First Line of Defence’ is needed to play in the forward position.
Powerful and sophisticated DDoS attacks are increasingly becoming the norm, and organisations are realising that they can no longer bury their heads in the sand. But by having the right players in the right positions it’s an open goal for the channel.