Keep your data safe

InfoSec market at a glance

Information Security is a very complex and developing industry. Developing markets always attract entrepreneurial individuals because the uncertainty and fear of unknown translate into opportunities for huge profits. Let's face it, numerous industry regulations, compliance standards, best practices, customer requirements, and partner mandates can easily confuse an IT executive. A typical solution in this case is to employ a consultant to help deal with the challenges. But does it work? Sometimes it does, but usually, you will end up paying premium hourly rates for simple tasks that can be effortlessly executed by a college intern (examples: war driving, network mapping).

You can picture the current state of the InfoSec business as two extremely profitable markets: The black market and the white market. These two markets co-exist peacefully and they feed from the same bowl. The black market makes huge profits by harvesting and taking advantage of personal information. The opposite market -- safeguarding the data -- is not at all profitable. In fact, most of research in this area is done by a handful of dedicated professionals who often receive no compensation for their efforts. These "gray" individuals are the opposite of the black market -- this is where "armor vs weapons" analogy applies. The white market is not the opposite of black market. The white market makes their profits by identifying problems (essentially using black/grey market tools and techniques) and reporting them. The only difference between black & white markets is the way those findings are monetized: selling them back to owner versus exploiting them. The latter way is way more profitable, but usually illegal.

What does it mean for you

No company can secure your environment. You will have to do it yourself. Keep in mind that recurring network scanning and pentesting exercises do not improve your security. Malicious individuals operate differently -- they are not paid by the hour. They will not scan your environment for days and they will not waste their time by pounding at your web application for hours. The vast majority of attackers are interested in compromising large volumes of systems; they will follow the path of least resistance, reach for the low hanging fruit, and exploit a known problem. Moreover, a comprehensive penetration testing can disrupt your environment and cause collateral damages. Yes, there are sophisticated attackers who target specific data at specific companies, but it is statistically rare, and, because of exceptional skill levels, these attackers have good chances to succeed unless you take steps to protect information they are targeting, not the environment that surrounds it.

How can we help?

We preach information security. We find our satisfaction by helping others develop, implement, and operate cost-effective controls to protect information, and we are good at it. The spectrum of our customers spreads from small/medium businesses and technology start-ups to large enterprises. We truly believe that, no matter what your challenges are, there is always a way to resolve them. Let us prove it to you.