When the money is gone
This year we’ve had to take a chainsaw to our security budget and jettison literally everything except maintenance upkeep.
This presents a good opportunity to go through and clean house. One of the things I’ve started is to bring all appliances to the same software version, across the board. Another thing I’m doing is auditing configs and ensuring all security devices and appliances are syncing time and are all on the GMT time zone, which makes event correlation much easier across disparate devices.
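The time-sync and GMT audit described above, sketched as an added example (not the author's tooling): it flags devices that are off GMT/UTC or whose clocks have drifted, and shows how zone-less timestamps from mixed-zone devices put two events in the wrong order until they are normalized. Device names, offsets, log lines and the 5-second tolerance are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%d %H:%M:%S"
# Constructed sample data: device names, offsets and log lines are made up.
REFERENCE = datetime(2024, 3, 2, 14, 0, 0, tzinfo=timezone.utc)  # auditor's synced clock
DEVICES = {  # configured UTC offset (hours) and clock reading taken at REFERENCE
    "fw-edge":  {"utc_offset_h": 0,  "reported": "2024-03-02 14:00:01"},
    "ids-core": {"utc_offset_h": -5, "reported": "2024-03-02 09:00:00"},
    "proxy-01": {"utc_offset_h": 0,  "reported": "2024-03-02 14:03:20"},
}
EVENTS = [  # (device, timestamp as logged with no zone info, message)
    ("fw-edge",  "2024-03-02 13:59:59", "inbound connection to 10.0.0.7 allowed"),
    ("ids-core", "2024-03-02 09:00:01", "exploit signature matched on 10.0.0.7"),
]

def to_utc(stamp, utc_offset_h):
    """Interpret a zone-less device timestamp using the device's configured offset."""
    zone = timezone(timedelta(hours=utc_offset_h))
    return datetime.strptime(stamp, FMT).replace(tzinfo=zone).astimezone(timezone.utc)

def audit(devices, reference, max_skew=timedelta(seconds=5)):
    """Return {device: [issues]} for devices off GMT/UTC or drifting past max_skew."""
    findings = {}
    for name, cfg in devices.items():
        issues = []
        if cfg["utc_offset_h"] != 0:
            issues.append("not on GMT/UTC")
        skew = abs(to_utc(cfg["reported"], cfg["utc_offset_h"]) - reference)
        if skew > max_skew:
            issues.append(f"clock skew {int(skew.total_seconds())}s")
        if issues:
            findings[name] = issues
    return findings

def timeline(events, devices, normalize=True):
    """Order events by raw logged time, or by true UTC time when normalize=True."""
    def key(ev):
        device, stamp, _ = ev
        offset = devices[device]["utc_offset_h"] if normalize else 0
        return to_utc(stamp, offset)
    return [ev[0] for ev in sorted(events, key=key)]

if __name__ == "__main__":
    print(audit(DEVICES, REFERENCE))
    print("as logged: ", timeline(EVENTS, DEVICES, normalize=False))
    print("normalized:", timeline(EVENTS, DEVICES))
```
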
I’ve also been tuning HIPS rules and looking for places to be more creative with protection (like web browser protection rules).
This is also a good time to audit OS patching mechanisms, ensuring that all hosts are checking in, downloading and installing all updates, etc. The same goes for your AV software.
Lastly, this is a great opportunity to either audit existing policies or start implementing new ones. One of the biggest hurdles in implementing policies is the flaming, bureaucratic hoops that have to be jumped through in order to get a policy implemented. Now that we have no money to purchase new gear, I can focus more time on that.
