A well-known expression says “The right people at the right place!“. I would like to extend it to the security perimeter, saying “Use the right tool at the right place!” or “Use the right tool for the right purpose!“.
Today’s security landscape is extremely large so complex! Lot of raptors are ready to deliver their products to victims, sorry customers, at any price. When you need to repair something at home, you’ll use the right tool to fix the problem: To remove a screw, you won’t use a hammer! It’s the same to protect your organizations. You have problems (called “risks”) identified by a risk assessment and you will use tools to mitigate or cancel the risk (called “countermeasures”).
My goal is certainly not here to revive a war between closed and open source solutions. I even don’t speak about commercial solutions which are often based on free code. All of them have good points and weaknesses! When you buy a commercial products, the provider has a strong engagement with you to provide support. For free solutions, bug fixes and features can be provided quickly. Working as consultant for a security integrator, we have agreements with providers of commercial solutions (which means for us: partnerships, certified engineers, etc). But we need to keep an eye on any tool (free or not) which could be reused to help our customers.
Instead of selling only a solution, you have to provide some kind of packages: a tool and the services which come around it:
- Does it fully match all the requirements?
- Is it easily integrable in the existing infrastructure?
- Is it expandable to grow with the infrastructure?
- Is it “open” to third party products?
- And if course… is it secure enough?
When involved in a project, I’m always trying to find the best tool to resolve the current issue within the defined context (security, budgets or technical). Sometimes, if the choice of the tool is not possible, I’m trying to find the best way to use it. It can be based on commercial products (like all-in-one appliances), dedicated tools or open source solutions. But the most important is the service you’ll provide!
On a pure business point of view, being just a reseller of commercial products is not profitable unless you are able to sell a huge amount of solutions “out of the box”. Such companies are sometimes called “box movers”. My opinion is the following: Every project is different. Take your time to analyze and propose the best tool with the best service! It will maybe imply a bigger budget but your customers will be happy to see a project successfully completed!