You have to lock the doors before you put the burglar alarm on - Blue Cube
VAR claims security basics are sometimes overlooked in favour of advanced security protection
Resellers need to make sure they are addressing basic security issues and not just focusing on advanced threats, according to security VAR Blue Cube.
Blue Cube sales director Rob Swainson claimed that while resellers need to work with end users to protect them against advanced threats, this should not be at the expense of security fundamentals.
"There is an enormous amount of new technology coming into the market, partly because of the focus and investment going into cybersecurity, and we've all seen the hype that comes with that and new vendors hitting the market," he said.
"But you have to step back and think, 'it's great putting all this advanced next-generation stuff in, but have you actually locked all the doors in the first place before you put the burglar alarm on?'"
With this in mind, West Sussex-based Blue Cube has launched a marketing campaign, in conjunction with several of its vendors, looking to help organisations address the basics.
Swainson explained that the campaign focuses on six areas of security: perimeter security and network segregation; malware; vulnerability and patch management; identity and access; security configuration management; and management of keys and certificates.
"A number of these basics leave doors open which means that, yes, you are going to get some return on investment for the advanced technology, but if you make sure you have the basics in place then your attack surface is significantly reduced, which may mean organisations need to invest less in advanced technology because they've shut the door."
Blue Cube is working with Fortinet, Malwarebytes Flexera, RSA, Thycotic, Tripwire Gemalto and Entrust on the project.
Dale Vile, research director at analyst Freeform Dynamics, told CRN that some in the security sector are guilty of focusing too heavily on advanced protection, which leads to a slip in standards for the basics.
"The problem is not so much that people think the basic stuff isn't important, I think they're just complacent," he said.
"We find that they spend all their time and energy on the advanced stuff, on the understanding they're probably alright on the basics.
"The problem is that nothing stands still in security so you may have been alright last month or three months ago, but that doesn't mean you're alright today, so the basics need constant refresh and occasional investment as well as the advanced stuff."