Interview with Craig Isaacs hakin9 team talk to Neon Software's President, Craig Isaacs, as the company puts first things first in managing an unmanaged network.

hakin9 team talk to Neon Software's President, Craig Isaacs, as the company puts first things first in managing an unmanaged network. And find out what he thinks about the situation on IT security scene, security-oriented products and day-to-day security in life.

Hakin9 team: Would you please introduce yourself, tell us about your background in the security industry, and remind what is Neon Software?

My name is Craig Isaacs, and I'm president of Neon Software. Prior to joining Neon Software, I was involved in the data security marketplace as world-wide sales and marketing at vice president at Dantz Development Corporation, now a division of EMC.

I joined Neon Software because of a vision I shared with Michael Swan, founder and CTO: we believed we could make networks more secure if we could a) document everything connected to the network and b) make sure everything that connects to the network belongs.

Today, we make LANsurveyor with Continuous Scan IDS – the first and only

product to completely document an organization's infrastructure and provide

infrastructure-based IDS from a single point in an organization.

Hakin9 team: What do you think about the situation on IT security scene? Do you think it's developing in the right direction?

There's a tremendous amount of complexity – so much so that people are making mistakes that leave large security holes. Some products are complex in that they have a lot of false positives; others are complex in that they can't even be deployed without an army of expensive consultants.

The trend towards increasing complexity is wrong – we believe in the "KISS"

method: Keep It Simple.

Hakin9 team: Please say what you think are the success factors for a security-oriented products?

First, the products need to actually do what the vendors say they'll do. There's a lot of "datasheet-ware" out there.

Second, staying on the complexity theme: products need to be easier to use so it's more clear if there are problems. Organizations are purchasing a lot of products that are sitting on the shelf because deployment and maintenance were so painful.

Third, products need to work with the tools people are already used to using. For example, if your organization uses syslog, the tools need to push summary info to syslog. If you want SQL Server, that should work, too. Otherwise, the information derived from the security system will be lost.

A d v e r t i s e m e n t

sum:

0 €