It's time for a small reality check: security does not have to cost the earth. Just because you're a large corporate with over 1,000 employees doesn't mean you "have" to buy brand-name security. In fact, I would argue quite the opposite: invest that money in some quality people, treat them well, and get 10 times the return on investment you planned.
Let's put it into perspective. First of all, you have to accept that open source software is your friend; then accept that just because it doesn't have a "GUI" doesn't mean it's any more complex. OK, now that you have accepted an alternate reality, it is time to look at some comparisons. Let's look at some good, typically expensive security controls, the kind usually reserved for banks because "they have the budget for it".
We will start with IDS, "Intrusion Detection System", specifically the network variety (NIDS): deployed across the infrastructure, designed to spot malicious traffic flowing across your network and to highlight suspicious activity that may be happening under the radar. If you were to buy one of the very excellent and very expensive commercial solutions for a medium-sized network, you could be spending six figures before breakfast. That's a serious hole in a security budget, so what other options exist? Well, for a start, "snort": an open source, well maintained and mature project that's been around for years. It's 100% free, and will only cost you the physical hardware and some administrative overhead getting it up and running. It's very scalable, equally configurable, and its signatures are maintained by a community of experts in the field. What more could you ask for? OK, so the reality is that in our scenario of six figures for the commercial solution, the free one would likely cost you 10-20K in hardware and specialist labour, but what's 20K compared to £200,000? I know which one I would prefer to sign off.
Next, let's look at another hot topic, SIMS, "Security Information Management Solution". This is another typically large investment to, essentially, analyse the logs generated by the infrastructure. Again, the concept has been available in open source for years: syslog servers shipping logs to each other with some sort of Perl analysis scripting has been around forever, and again, it's just the labour and hardware costs to consider.
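To make the "syslog plus a bit of scripting" idea concrete, here is an added example (not the author's code, and written in Python rather than Perl) of the kind of analysis a central syslog server can run over the lines it collects from several hosts. It correlates SSH authentication failures per source address across all hosts within a time window, and raises a higher-severity alert when a success follows a burst of failures. The log lines, hostnames and addresses are constructed for the example, and the 4-failures-in-5-minutes threshold is an assumed tuning value.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: lines as a central syslog server might receive them from
# several hosts. Hostnames, users, addresses and timestamps are made up.
SAMPLE_LOG = """\
Jan 12 10:15:01 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 52310 ssh2
Jan 12 10:15:03 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 52311 ssh2
Jan 12 10:15:04 db01 sshd[881]: Failed password for admin from 203.0.113.5 port 52312 ssh2
Jan 12 10:15:06 db01 sshd[881]: Failed password for admin from 203.0.113.5 port 52313 ssh2
Jan 12 10:15:09 app02 sshd[2210]: Failed password for oracle from 203.0.113.5 port 52314 ssh2
Jan 12 10:15:10 app02 sshd[2210]: Accepted password for oracle from 203.0.113.5 port 52315 ssh2
Jan 12 10:20:00 web01 sshd[1300]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Jan 12 10:45:00 web01 sshd[1301]: Failed password for bob from 198.51.100.7 port 40002 ssh2
"""

# Classic BSD syslog timestamp, hostname, then the sshd authentication message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>[\d.]+) "
)


def parse_line(line, year=2024):
    """Return a dict for an sshd auth line, or None for lines we don't care about.
    Syslog timestamps carry no year, so the caller supplies one (assumed here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def detect_bruteforce(log_text, threshold=4, window=timedelta(minutes=5)):
    """Correlate failures per source address across every host that shipped logs.

    - 'medium': `threshold` failures from one source within `window`, on any hosts.
    - 'high':   an accepted login from a source that had failures within `window`.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        recent_fails = []  # failures from this source still inside the window
        for e in evs:
            # Drop failures that have aged out of the window relative to this event.
            recent_fails = [f for f in recent_fails if e["ts"] - f["ts"] <= window]
            if e["result"] == "Failed":
                recent_fails.append(e)
                if len(recent_fails) == threshold:  # fire once per burst
                    alerts.append({
                        "severity": "medium", "src": src, "user": e["user"],
                        "hosts": sorted({f["host"] for f in recent_fails}),
                        "at": e["ts"],
                    })
            elif recent_fails:  # Accepted after a run of failures
                alerts.append({
                    "severity": "high", "src": src, "user": e["user"],
                    "hosts": sorted({f["host"] for f in recent_fails} | {e["host"]}),
                    "at": e["ts"],
                })
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(f"{a['at']} [{a['severity']}] {a['src']} -> {a['user']} on {','.join(a['hosts'])}")
```

The point of doing this centrally rather than on each host is visible in the sample: no single host sees more than two failures from 203.0.113.5, so a per-host rule would never fire, but the aggregated view does, and the accepted login straight after the burst is the line a SOC analyst most wants to be paged about. The second source (198.51.100.7) fails twice 25 minutes apart and correctly produces no alert.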
What about firewalls? The staple diet of all organisations of any size. Now, these can be quite cheap or ridiculously expensive. I have built, deployed and managed most of the top-end ones, and after a career of using them I can happily say I would deploy a well-configured "iptables" firewall on Linux over a Cisco or Checkpoint any day of the week. OK, so you don't get the nice GUI with all your 200 firewalls in it, but there are options: GUIs exist, and again, a specialist can easily make this whole concept manageable for any organisation. Now, if a key control for limiting the impact of a hack is network segregation, then the ability to deploy low-cost firewalls can only improve the overall security of the network.
So, if I had a 1,000-user network to protect, a budget of 500K and full autonomy, I would spend 100K on every open source solution available, home-grow some of my own, contract a team of top-class Linux / security gurus to get it all up and running, then sit back in my SOC, "Security Operations Centre", and wait for the siren to go off! Of course, I would take the other 400K as my bonus 😉
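Here is an added example (not the author's or any product's code) of how the "cheap firewall in every segment" idea can be kept manageable: a zone and flow table that a script turns into an iptables-restore ruleset with a default-drop FORWARD chain, plus a helper that answers "is this flow allowed?" from the same table, so the policy can be reviewed and unit-tested before it is pushed out. The zones, interface names, subnets and allowed flows are constructed for the example.

```python
import ipaddress

# Constructed example network: each zone is a VLAN interface on a Linux box
# acting as the inter-segment firewall. Names, interfaces and subnets are made up.
ZONES = {
    "users": {"iface": "eth1", "net": "10.10.0.0/16"},
    "web":   {"iface": "eth2", "net": "10.20.0.0/24"},
    "db":    {"iface": "eth3", "net": "10.30.0.0/24"},
    "mgmt":  {"iface": "eth4", "net": "10.99.0.0/24"},
}

# The whole segregation policy in one place: (source zone, dest zone, proto, port).
# Anything not listed is dropped, so users cannot reach the database directly.
FLOWS = [
    ("users", "web", "tcp", 443),
    ("web", "db", "tcp", 5432),
    ("mgmt", "users", "tcp", 22),
    ("mgmt", "web", "tcp", 22),
    ("mgmt", "db", "tcp", 22),
]


def build_ruleset(zones, flows):
    """Render the policy as an iptables-restore file (filter table only)."""
    for src, dst, _, _ in flows:
        if src not in zones or dst not in zones:
            raise ValueError(f"unknown zone in flow {src}->{dst}")
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",       # traffic to the firewall itself: default deny
        ":FORWARD DROP [0:0]",     # traffic between segments: default deny
        ":OUTPUT ACCEPT [0:0]",
        # Replies to allowed connections come back via conntrack, so each flow
        # below only needs to permit the initial packet (state NEW).
        "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "-A FORWARD -m conntrack --ctstate INVALID -j DROP",
    ]
    for src, dst, proto, port in flows:
        s, d = zones[src], zones[dst]
        # Match on both interface and subnet so a spoofed source address on the
        # wrong VLAN does not get through.
        lines.append(
            f"-A FORWARD -i {s['iface']} -s {s['net']} -o {d['iface']} -d {d['net']} "
            f"-p {proto} --dport {port} -m conntrack --ctstate NEW -j ACCEPT"
        )
    # Log what the default policy is about to drop, rate-limited, so the SOC's
    # syslog collector sees cross-segment attempts that should not be happening.
    lines.append('-A FORWARD -m limit --limit 10/min -j LOG --log-prefix "FWD-DROP: "')
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


def zone_of(zones, ip):
    """Name of the zone whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, z in zones.items():
        if addr in ipaddress.ip_network(z["net"]):
            return name
    return None


def is_allowed(zones, flows, src_ip, dst_ip, proto, port):
    """Would the first packet of this connection be forwarded under the policy?"""
    src, dst = zone_of(zones, src_ip), zone_of(zones, dst_ip)
    if src is None or dst is None:
        return False
    return (src, dst, proto, port) in set(flows)


if __name__ == "__main__":
    # Write the output to a file and load it with `iptables-restore < file`
    # on the segment firewall (after reviewing it).
    print(build_ruleset(ZONES, FLOWS), end="")
```

Keeping the policy as data and generating the rules from it is what makes a fleet of low-cost Linux firewalls manageable without a vendor console: the same table can be diffed in version control, checked with `is_allowed` in a test suite, and rendered for each box. The ESTABLISHED,RELATED rule means only the first packet of each permitted flow is evaluated against the list; everything else is decided by the default DROP and logged.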