7. Users fail to install/deploy the product correctly
If you've ever had trouble installing a home appliance, and yes, most of us have, why should a security appliance be any different? Many IT departments pinch pennies by skipping the vendor's training sessions or eschewing its implementation consulting services, just like those of us who don't like to follow the instructions when they install a new garbage disposal. And the results can be egg (or other messy foods) on your face.
"The most common mistake I've seen with security products is that the customer installs them using the default configuration, without adding any new policies to address their specific environment," says Chris Roeckl, vice president of corporate marketing at Fortinet and another grizzled veteran of multiple security companies. "This is particularly true at small companies, where people sometimes feel that they don't have any special needs, or that they don't have the skills to do the configuration. But most security products are made to fit the customer's specific policies -- to some degree, you have to tell it what to do."
Brian Foster, senior director of product management for Symantec's end point security group, concurs. "A high percentage of threats are successful because the end points are not properly configured," he says. "If it's not set up in the right way, it's not going to work."
Foster gives the example of the Blaster worm, which infected many systems through open ports. "One of the basic best practices that companies should always follow when they install a device is to turn off ports that aren't being used," he says. "That's not even a function of the security product itself -- it's just good IT policy. But in that case, a lot of companies hadn't followed it, and they paid."
Be sure you set up your security products to record their activities as they occur, advises Sword and Shield's Griffin. "When we go in to troubleshoot a problem, one of the most frustrating things is when the client has a security product, but has failed to turn on the audit functions, such as data logging," he says. "When that happens, we can't tell how the product was used or how it behaved during an incident."
Bottom line: Be sure you've configured your new products correctly for your specific environment. If you don't know how, ask the vendor or an expert consultant to help with the implementation. Installation mistakes are often a reason products fail to operate correctly when a threat occurs.