We believe in truly understanding our clients risks and pressures before recommending any services. This helps in every stage of the engagement. A high vulnerability in one business may not be relevant to another. Only through understanding your business can we help give management relevant actionable advice.
People always come first. There is no silver bullet piece of technology, hardware or software that can solve your information security woes. No “automated” tool or compliance checking software will allow you to sleep better at night without a trained administrator behind the keyboard.
Does your company have defined procedures in place that your administrators can follow? Have you documented the risks and defined the controls needed to mitigate those risks?
Finally, research multiple vendor solutions. Again, there is no silver bullet. There is no perfect security. Do not forget to account for the people costs in any security product/solution.