Security in the Financial Sector

Ely Pinto, an expert, gives his take on common challenges in the financial services sector and explains how the reporting features in Nexpose help prioritize key risks, so that organizations not only have proof that risk exists but also know what to fix and how to fix it.

Video Transcript

My background involves sending security policies and strategies, designing solutions for security, and specifically around vulnerability assessment, risk assessment, penetration testing, and forensic investigations.

I think that in any large institution, there is such an inundation of data and so many different things that we need to look at and address that that becomes very challenging. Knowing how to prioritize and knowing what to tackle first becomes really difficult.

In the finance sector, like in any sector, it is important for software to be easy to use, have great interfaces, have lots of automation. But with security specifically, I think it's important to have tools that help you sift through the data. And we are inundated with so much data, so being able to prioritize, helping prioritize what are the most important key risks that need to be addressed right away is crucial and extremely valuable.

Dealing with the end users, dealing with business units specifically and even other IT units, the biggest challenge is being able to show them that the work that we do is not a hindrance. It's an enabler. And you can't really do business today without a proper information security framework.

One of the amazing things that Nexpose brings to the environment is that it does create two types of reports, a whole spectrum of reports, ranging from the audit reports that tell you exactly what it is that needs to be fixed, how to fix it, here's the proof that this vulnerability and this risk exist in your environment, all the way to the opposite side of the spectrum where here's a two-page executive report that you can give to someone that's non-technical to look at and say this is where we're trending in information security, and this is where we need to go, and this is why we need funding, why we need resources in order to address these particular threats and risks.

I think fast incident detection and investigation is really the most important factor when it comes to looking at security solutions. That is the only thing that allows us to assess and to deal with immediate threats that are happening right now.

The only other thing I would share is that it's been really great working with Rapid7. The products are great. We use Nexpose and Metasploit extensively. And I don't think that we would be able to really support the security in our infrastructure without them. The support staff has been really great. We know we can count on them whenever we need to, and professional services as well. So thank you, Rapid7.