Following on from my last post, I've had a lot of comments suggesting various technologies for firewall monitoring and application scanning, but absolutely nothing on endpoint security.
Funny that, but I'm wondering exactly why. Is it maybe because you all assume I know enough about endpoint security to make my own decision? I think not. Is it because endpoint security is totally irrelevant to our current situation? Again, not very likely.
What I think is more likely is that it's still just too early for anyone to really have the requisite experience of these technologies to have a real opinion yet. Certainly my conclusion on the project is that we should wait. Although the action to get something to protect our endpoints came from an audit, I believe we can mitigate the risk sufficiently to pass the next audit until the endpoint/DLP market has settled down, and therefore 'sweat the assets' a bit more. I hope the business would appreciate that thought.
Therefore it follows that the project I got most feedback on - web app scanning - should be the one I concluded was the most important. Incredibly, it was. My suggestion is to make it into a real project, but try to get our outsourcer to swallow some of the cost as they do our solution design. I like the idea of getting something that checks source code too, so that will form the next part of my project.
Which leaves us with the firewall monitoring. There was one comment, which predicted the technology that has already been suggested to solve the issues we are facing. The problem and the solution were suggested by the operational security guys, so I've suggested we pass ownership of the whole project back to them... seems simple enough.
What's really pleasing is to get my ideas out and validated by the great and the good. Glad to be back and blogging...