Any Thoughts on FishNet Security?

The_Adm0n

Hey all. I just recently got a job with an ISSP by the name of FishNet Security. Currently, I'm in more of a marketing/sales role, as my education isn't far enough along yet to nab myself a more technical position.

Anyways, I was recently mentioning to my boss some of the techie websites I visit (this site, among others), and he wondered aloud at what this kind of community might think of a company like the one I work for. So I thought, since this forum is probably the most knowledgeable of any that I visit regarding networking/security, I'd come here and try to inflict a little survey of sorts on you guys.

If you don't wanna do it, no prob. If you think I'm an asshat salesman who's conducting top secret market research and trying to trick people into accepting emails & phone calls, you're wrong, but whatever. If you think it's inappropriate that I'm doing this here, just let me know, and I'll take it somewhere else. However, if you have the time/inclination to answer any of these questions, your honest opinion would be greatly appreciated.

K, enough blabber. On to the questions...



1. Have you or the company you work for ever worked with an ISSP (information security solutions provider)? If so, what'd you think of the whole experience?

2. Have you ever worked for an ISSP in any capacity? If so, how'd you like it?

3. If I said I wanted to put a "honey pot" in the "DMZ," would you know wtf I'm talking about?

4. If you had to name just one element that would be the single most important part of a network's/company's data security posture, what element would that be?

5. In your opinion, how important is IT security for a big corporation? A small company? A home network?

6. What kind of image pops into your head when you hear the word "CyberCriminal?"

7. Who do you think is most at risk of being the victim of a "cyber attack?"

8. In your opinion, was the hacking of the CIA's public website a big deal? Why or why not?

9. Is our country prepared for the possibility of all-out cyber-warfare? Or is this something we really shouldn't be worried about?

10. As far as FishNet Security is concerned, have you heard of them? Worked with them? Worked for them? What do you think of them?




I'd like to preemptively thank anyone who takes the time to answer any of these questions. This will help settle a wager that the boss and I have. :D
 
I find your questions to be a bit odd as many of them are outside the standard scope/service offerings of your company.

I'll answer #10. Yes. I've heard of you. Your company sponsored an ISSA meeting and provided a speaker about a year ago. At this point, I do not recall my impression of the speaker, but the beer was good.
 
This is a bit fishy if you ask me.

No fish. I promise. :)

It's just that I only ever get to talk to nose-in-the-air corporate "tech" guys who think their networks are impenetrable. I was hoping to see what the other guy thinks. Y'know, the guy who gets hamstrung by corporate guy's policies, then gets the blame when things go bad.

Again, if this sort of thing isn't kosher here, I'd be happy to delete. No ulterior motive here. Really.
 
10. As far as FishNet Security is concerned, have you heard of them? Worked with them? Worked for them? What do you think of them?

I've heard of you guys but only as part of working in the information security industry.
 
No fish. I promise. :)

It's just that I only ever get to talk to nose-in-the-air corporate "tech" guys who think their networks are impenetrable. I was hoping to see what the other guy thinks. Y'know, the guy who gets hamstrung by corporate guy's policies, then gets the blame when things go bad.

Again, if this sort of thing isn't kosher here, I'd be happy to delete. No ulterior motive here. Really.

I've sat through dozens of vendor presentations over the past few years. In most cases, the food and beer were more memorable than the pitch.

Why?

Most sales folks (and the poor engineers they bring along) are trying to sell a specific product without understanding the need of the business or the risk that the product is supposed to mitigate. For example, I'm sure DLP is one of your big things to push and the first thing you'll want to do is to set up your sniffer box on their network perimeter and find all the bad stuff that is going on. You'll then hope they sign up for a point solution to stop the shenanigans that the black box showed to them. Unfortunately, the point solution won't really address the true need, which would be more rooted in the organization's policy of understanding what data is important to their business, where it is stored, where it is transmitted and how it needs to be controlled. Once the business side of it is determined, then it's more appropriate to look at tools.

You want a trusted advisor relationship. You want to bring thought leadership to your customers and potential customers. You want them to call you when they feel like they have a need. It is a much tougher relationship to cultivate but will be far more rewarding in the future.

Is that the sort of thing you're fishing (huck huck huck) for?
 
1. Have you or the company you work for ever worked with an ISSP (information security solutions provider)? If so, what'd you think of the whole experience?

No idea.

2. Have you ever worked for an ISSP in any capacity? If so, how'd you like it?

Nope.

3. If I said I wanted to put a "honey pot" in the "DMZ," would you know wtf I'm talking about?

Yes.

4. If you had to name just one element that would be the single most important part of a network's/company's data security posture, what element would that be?

Educating employees about risk. (i.e. No taping all their passwords under keyboard.)

5. In your opinion, how important is IT security for a big corporation? A small company? A home network?


Big, decent, meh.

6. What kind of image pops into your head when you hear the word "CyberCriminal?"

People who commit cyber crimes.

7. Who do you think is most at risk of being the victim of a "cyber attack?"

Elderly, dumb people, people who want to help Sudan Princes give them millions of dollars, and the uneducated.

8. In your opinion, was the hacking of the CIA's public website a big deal? Why or why not?

No, public site, what's there to hack?

9. Is our country prepared for the possibility of all-out cyber-warfare? Or is this something we really shouldn't be worried about?

I'm from Canada, US always sounds paranoid from up here. :p

10. As far as FishNet Security is concerned, have you heard of them? Worked with them? Worked for them? What do you think of them?
No, no, no, n/a
 
1. Have you or the company you work for ever worked with an ISSP (information security solutions provider)? If so, what'd you think of the whole experience?

Yes, one arm of my company is an ISSP. I like the people I work with, and the field is ok, however selling security is like trying to sell Ice Cream at a winter festival, there are some who want it, and don't care that they are already freezing they just want it, and others don't see the point and never will.

2. Have you ever worked for an ISSP in any capacity? If so, how'd you like it?

Kind of redundant, but yes I enjoyed it.

3. If I said I wanted to put a "honey pot" in the "DMZ," would you know wtf I'm talking about?

Put a server in your DMZ whose specific function is to lure hackers into it by being an easy target, or a target that looks like it may contain a lot of valuable information, the idea being they get in easily and it looks safe, but the reality is you have them trapped.

4. If you had to name just one element that would be the single most important part of a network's/company's data security posture, what element would that be?

A good security mindset. You can have the best security software, hardware, and policy on the books, but if no one bothers to actually follow the rules, or check the logs, what good does any of it do?

5. In your opinion, how important is IT security for a big corporation? A small company? A home network?

Extremely. I have worked with clients ranging between 2 users to 20,000 users. Everyone is at risk, big or small it doesn't matter. These days usually people aren't after your files, they are after your finances. They want your credit card info, they want your tax info, they want everything they can get their grubby little hands on.

6. What kind of image pops into your head when you hear the word "CyberCriminal?"

Just a regular dude using their skills for bad. Many of the people I work with (myself included) have at some point committed some form of cyber crime. In fact we prefer hiring these kinds of people because they generally have more experience. They usually are also able to think more out of the box, and when attacking are usually more malicious than someone whose only background has been white hat. Cyber criminals for the most part aren't bad people, they just work for them.

7. Who do you think is most at risk of being the victim of a "cyber attack?"

Everyone. If you have any kind of online presence whether it is a website, or just an online bank account, or an email address, you will be a victim of a cyber attack at some point.

8. In your opinion, was the hacking of the CIA's public website a big deal? Why or why not?

It wasn't a big deal in the fact that the website was at a different CoLo on a different network than anything that the CIA's classified network touches. It is a big deal in that they felt that they didn't need to secure it because of the above mentioned items. If they fell down there, what else did they forget about?

9. Is our country prepared for the possibility of all-out cyber-warfare? Or is this something we really shouldn't be worried about?

Absolutely not. The DoD, DHS, and the military are not even remotely ready. Each year various security firms are invited to attack the government and see where the flaws are. Every year the government receives a failing grade. They do NOTHING ABOUT THIS! Grey hat groups have attacked the government and given them full details of the hack, and full instructions on how to fix it and suggestions on how to maintain it. The government arrests these people and DOES NOTHING TO FIX THEIR HOLES! Should we be worried about them? God yes, if someone were to launch a full scale cyber attack against the US I'm not saying that Die Hard 4 was entirely accurate, but I'm not saying it was too far fetched.

10. As far as FishNet Security is concerned, have you heard of them? Worked with them? Worked for them? What do you think of them?

Never heard of you guys, but it is possible you were at a security con I have been to. To be honest I deal more with specific people than worrying about what firm they work for. When I hire contractors I hire them based on their skill, not based on what the company behind them offers.
 
1. Have you or the company you work for ever worked with an ISSP (information security solutions provider)? If so, what'd you think of the whole experience?

I've been in this industry for over 10 years and that is the first time I've ever heard that acronym. MSP, sure. ISSP, wat? Maybe I'm old but we just called them security companies or security consultants.

2. Have you ever worked for an ISSP in any capacity? If so, how'd you like it?
I've worked for an MSSP. One of the best jobs I've had.

3. If I said I wanted to put a "honey pot" in the "DMZ," would you know wtf I'm talking about?
I'd know what you were talking about but I'd think you were clueless. Honeypots are research projects. Corporate resources are better spent elsewhere.

4. If you had to name just one element that would be the single most important part of a network's/company's data security posture, what element would that be?
Management support.

5. In your opinion, how important is IT security for a big corporation? A small company? A home network?
Sadly, the longer I'm in this industry the less important I realize it is.

6. What kind of image pops into your head when you hear the word "CyberCriminal?"
Annoying marketer.

7. Who do you think is most at risk of being the victim of a "cyber attack?"
That's really broad. Overall, payment processors or anyone who has significant financial data.

8. In your opinion, was the hacking of the CIA's public website a big deal? Why or why not?
No. Anyone can hack a website given time and determination.

9. Is our country prepared for the possibility of all-out cyber-warfare? Or is this something we really shouldn't be worried about?
No. We should be worried. There are those who are worried and working to protect. But, you won't see the resources devoted to make significant progress until some significant event grabs the world's attention.

10. As far as FishNet Security is concerned, have you heard of them? Worked with them? Worked for them? What do you think of them?
Yeah. They used to have a Check Point product. Then they changed direction and moved into being an "ISSP".
 