Now enter the TJ Maxx (TJX) data breach. According to initial reports, this data was breached over a long period of time without anyone (or any system) noticing. The lesson here is not to simply deploy more access control, more intrusion detection systems, or even more encryption, but rather that security technology by itself isn't enough. It is about taking a less reactionary approach to information security. The fact is that by continuing this reactive approach to security, organizations are guaranteed that the hackers will always be one step ahead, as they will always find the weakest link in the network security chain.

The answer is to step back and take a more strategic approach to IT risk management and be sure that the selected technology isn't chosen and deployed in a haphazard manner. Reactive IT deployment can lead to tremendous inefficiencies and management headaches. In reality, most organizations already have a decent security infrastructure. What is needed is a security information management system that can not only get the most out of these technologies, but can integrate everything from vulnerability, log management, configuration, asset, and performance data.

All technology vendors claim to offer solutions, but let's face it, if it doesn't solve a problem - it isn't a solution. A true risk management solution provides the ability to simplify operations, support compliance initiatives, reduce cost and minimize risk, and anything short of this is just technology for the sake of it.

NOC and SOC Collaboration or Simply Co-Existence
After years of operating in separate silos, recently there has been a realization that security is part of network operations. And to that end, currently there is a lot of talk of the NOC (network operations center) and the SOC (security operations center) needing to better collaborate. But, the reality is that it isn't just about getting the speeds and feeds (network) department to work hand in hand with the security folks, it is about a higher- level strategic view of information technology and risk management. This co-existence / collaboration is being taken out of the hands of these departments and increasingly being elevated to a c-level issue.