Security on a ShoeString Budget

CIOs, CFOs, COOs and others take notice! Don’t let your security techno-weenies drive your budget into the ground. In these times of severe budget constraints that continues to grow, there is no need to go out and purchase the latest and greatest just because somebody likes to play with toys (and never really deploy them right and completely with full process, procedure, metrics, training, escalation procedures, troubleshooting, maintenance, logging, etc.). 

There are a bevy of open source tools in the marketplace that can secure your environment from discovery of assets and management thereof to configuration management, encryption, anti-spam, anti-virus, bot hunters, NAC, IDS/IPS (network and host), VPN, application scanners, vulnerability scanners, wired and wireless sniffers, SSL, SSH, sFTP, firewalls, virtualization, monitoring, mapping, analysis, automated incident response (SIEM like), honeypots, remote control and more.

If your security department says they cannot deploy a network access control solution, tell them they are not being innovative enough and send them to the link below. They can do it. If they tell you then need a half million dollars for whole disk encryption or something to find bots, tell them they are full of you know what and send them the following link:  https://www.treadstone71.com/corpinfo/security_on_a_shoestring_budget.htm

Even though budgets are being reduced your risk posture can actually improve. It is not without risk and it does take some study, work and the ability to apply concepts and technologies but don’t let anyone tell you that it cannot be done.

Linked here is a listing of many of these tools. Feel free to add more on this blog or send me an email with more I can add to this list. 

It’s time to break the concept that you have to spend precious dollars to security what is important to you.