What Questions to Ask When Choosing Your Security Solution
Joshua Skeens, CTO, December 23, 2019
Recently, I spoke at a cybersecurity conference, and between talks, I decided to wander through the vendor area. As I was walking through this vast, crowded room, I had a thought: How do businesses who don’t specialize in IT or cybersecurity know what they need and what product or products to choose?
This conference wasn’t very large, but there were still hundreds of vendors, each claiming that their product was the best. Do you need a SIEM solution? Great, there are dozens of companies that offer those. What about an antivirus or firewall solution? Here are ten different options. I have over 20 years of experience working in IT, and even I found the sheer number of options overwhelming.
Choosing the Right Solution For Your Needs
How do we, as businesses, make decisions on what we need and who to turn to for those solutions? To help you make the best choices for your business, there are a few questions you should be asking every time you need to make a decision about your cybersecurity posture.
What Are My Goals?
You can’t pick the right product if you don’t know what you need it to do. Before you begin looking at new products or solutions, you should determine your goal and state it clearly. I’ve encountered a lot of companies that want to “improve their security posture,” but don’t have a real plan in place to do so. Without a concrete, actionable goal, you may end up spending more money than you planned and get a solution that still doesn’t fully meet your needs.
What Will Solve My Problem?
To find the right solution for your problem, you need to be able to identify what exactly your problem is. Maybe you’re running old antivirus software and desperately need an upgrade. You may be tempted to grab the first product you see that has good reviews, but there are other factors that need to be considered.
For example, if you’re selecting a new endpoint program, you need to make sure that it will integrate smoothly with your existing systems and appliances, and that the solution you choose can reasonably be managed and supported by your team. If you need a solution that is larger than your team can currently handle, you may want to consider more extensive training for your team or outsourcing, and assess the costs and benefits of each option.
Test Drive Your Options
You likely wouldn’t even consider buying a new car without test driving it first, so why would you purchase a security product without testing it first? Any good vendor will allow you to test their product, either as a proof-of-concept or a pilot. Whenever possible, try running a test in a small production environment (not just a lab) before you commit to the sale.
Consider the Vendor’s Reputation
Online reviews, as well as suggestions from peers or colleagues, can help you gain a better understanding of both an individual product and the company behind it. However, don’t rely on reviews alone. Make sure you do your own research, and if something doesn’t feel right, you should err on the side of caution and move on.
Whenever possible, avoid being an early adopter. Wait until a product has been in production for a few years and then decide if it’s the right solution for you.
Be Honest With Yourself
Not everyone is an IT or cybersecurity expert, and there’s nothing wrong with that. You may start looking for answers and discover that you’re in over your head. If that happens, be honest with yourself about your struggles. If you find yourself in a situation where you feel overwhelmed, reach out to a colleague, peer, or expert who can help.
It’s always better to ask for help and find the right solution than not ask and be wrong.
What are Some Red Flags I Should Look For?
Does This Product Seem too Good to Be True?
I’m always suspicious of any company or product that claims to “do it all.” When it comes to cybersecurity, there’s no such thing as a silver bullet. No product or vendor will ever be able to catch and stop every single attack.
How Experienced Is This Vendor?
In a perfect world, every product would work perfectly and integrate seamlessly with every other product. However, in reality, each business and each scenario is different, so there’s no such thing as a one-size-fits-all approach to cybersecurity. In my experience, there’s a reason that companies specialize in a particular area (such as switches, antivirus software, or firewalls). They’ve determined what they do best, focused on that, and in some cases, do it really well. That doesn’t mean that a company that started out as an antivirus software company can’t be good at creating firewall solutions. Still, when you choose a company that has been a leader in the industry for years, your chances of getting a comprehensive and robust solution typically increase.
Does This Product Play Well With Others?
One of the benefits of sticking with a single vendor for all your cybersecurity needs is that you can reasonably assume that all their products will integrate seamlessly with one another. However, just because all their programs play nicely together doesn’t mean that you’re more secure than if you had purchased programs from a variety of different vendors. Though some vendors out there claim to do it all, I’ve found that some of their solutions don’t integrate well at all, and can end up causing more problems than they solve.
The Cybersecurity Must Haves For All Organizations
Though there isn’t a one-size-fits-all solution when it comes to cybersecurity, there are a few things every organization should be doing to improve their security posture.
Security Awareness Training
Security awareness training isn’t a product in the same sense that antivirus software is, but it still plays a critical role in every organization’s cybersecurity solution. Training your employees reinforces your first line of defense and gives you more trained eyes on the ground to look for signs of trouble.
It doesn’t matter how great the lock on your front door is; if you don’t lock the door, criminals can still break in. A robust yet flexible tailored endpoint security strategy can help safeguard your organization’s digital assets, keep out unauthorized users, and, should a device become infected or compromised, isolate and protect the rest of your network.
Firewalls may seem pretty basic, but modern firewalls are an important line of defense. Modern firewalls are application aware, can scan your network traffic for suspicious activities, and can integrate seamlessly with your endpoint security solutions.
You need to have eyes on all areas of your network at all times. This means more than just log aggregation and monthly log reviews. For true insight, you should consider getting a full-flow, machine-learning-driven SIEM (Security Information and Event Management) solution that will correlate events from all devices on the network and alert you to potential problems before they become actual problems. SIEM has come a long way from its logging roots, and will now integrate with your endpoint and firewall solutions to detect suspicious behavior on your network and either take action or isolate potentially compromised endpoints.
When it comes to determining which products are right for your business, there’s no comprehensive checklist. As new products continue to pour into the market every day, some current products will be replaced or rendered obsolete, or improve substantially to remain competitive.
At the end of the day, we’ve got your back. The IT and cybersecurity community is filled with knowledgeable individuals always willing to lend a hand. If you’re feeling lost or confused, or just need some good advice, you don’t need to look far to find someone willing to help.