Last week, I attended a week-long TippingPoint (a network-based intrusion prevention system) training class for work. Nothing particularly exciting, just your typical security vendor training. What I did find interesting was that the class was 75% TippingPoint employees, training to be part of TippingPoint’s consulting and support teams. One of them asked me, “Are you the TippingPoint guy at your company?” Nope, I’m not. It’s just one of my responsibilities at work, and that’s the way I like it.
It reminded me that it’s important to be a well-rounded security practitioner and learn concepts rather than tools. That means understanding how an intrusion detection/prevention system (IDS/IPS) works rather than knowing only the buttons and switches for a TippingPoint device. By understanding the concepts behind an IDS/IPS, a security practitioner can move from one vendor’s IDS/IPS to another with ease. If you’re just starting out in security, it’s critical that you absorb and understand as many concepts as possible rather than relying heavily on one specific tool. Once you understand the concepts and the pains of doing something manually, you’ll be able to work in any environment, regardless of the tool.
It’s why I like vendor-agnostic classes (like SANS) that teach concepts like packet analysis and incident response techniques. These are methodologies and strategies that can be applied in any environment, no matter what tools you have available. That’s not to say things like TippingPoint aren’t useful, but it’s important to first understand what they’re trying to do and how they work, so that when you don’t have a TippingPoint, you’ll be resourceful enough to use something else in its place.