
Top tips for finding the right cybersecurity products

Michael Kan | June 9, 2017
Security pros offer advice from the trenches of a noisy, hype-filled market.


Having trouble finding the right security products for your business? You're not the only one.

Today's market is filled with hundreds of vendors and plenty of marketing hype. But figuring out which solutions are worthwhile can be a challenge, especially for businesses with little experience in cybersecurity.  

So we asked actual buyers of enterprise security products for tips, and here's what they said.  

 

Damian Finol, security technical program manager at a major internet firm

Businesses have to do their research. That means looking at customer recommendations instead of relying on what vendors say. Testing the security products in-house is also highly advised.

"Do that due diligence, or you'll regret it," he said.

Good vendors are transparent about their products. They're also focused on hiring more security staff, and paying them well, instead of recruiting more marketers. The best ones will also be happy to train customers to run their products.

"Great security companies are concentrated not just on selling, but they're interested in supporting your enterprise, and providing consulting [and] best security practices," he said.   

 

Quentyn Taylor, director of information security at Canon EMEA

Customers should flesh out what problem they're trying to fix instead of simply wandering into the cybersecurity market without a goal, he said.

"The market is very busy. Anyone with a flashy idea, a flashy logo, can launch a product," he said.

Some security products can also be vaporware. The vendors selling them are more focused on finding a larger company to acquire them than on security, Taylor said. 

To avoid buyer's remorse, customers should approach their product search with a firm plan. "Identify what your success criteria is and tell that to the vendor," Taylor said. "And then bake that into the service contract."

"Don't be afraid to admit when something isn't working," he added. "Take it on the chin, and do something different."

 

Gal Shpantzer, a security advisor who works as a CISO for several firms

Sometimes the best way to solve a security problem is with something free you already have.

"They should ask themselves if this is something we can solve in-house with the current functionality we have," he said.

For example, system administrators can block attacks that rely on certain malware infection methods by disabling macros in Microsoft Office. This can be set up through Microsoft's Group Policy settings, at no extra cost. Shpantzer also likes to work with companies to implement proven protective measures such as application whitelisting, keeping software up to date, and other strategies like those recommended by Australia's intelligence agency.

Clients who do buy security products should be aware that not all are easy to use. Imagine a threat monitoring platform that generates a hundred alerts each day -- some false positives, some real. Do you investigate every one?  

 

