Most Infosec Pros Believe Vendors Over Hype Their Cybersecurity Products: Survey

A lot of infosec professionals believe cybersecurity vendors torque the capabilities of their products, a new survey suggests.

75% of respondents surveyed either agreed or strongly agreed when asked if they feel security technology vendors engage in too much hype and not enough substance, according to the survey done by the Enterprise Strategy Group and the Information Systems Security Association (ISSA).

Released Wednesday, the survey questioned 280 cybersecurity professionals around the world about their buying habits. 79% came from the U.S. and Canada.

Among the findings:

  • Respondents said they want more industry co-operation and technology standards such as the MITRE ATT&CK framework for classifying tactics and techniques of attackers, OASIS, and the Open Cybersecurity Alliance, which develops standardized data interfaces for cybersecurity tools;
  • More than four out of five respondents agreed that open standards are a key requirement for future security technology interoperability. Additionally, more than three-quarters of respondents wanted to see more industry support for open standards;
  • Respondents said their organizations are actively consolidating security vendors and integrating technologies. They identified numerous problems associated with managing an assortment of security products from different vendors, including increased training requirements, difficulty getting a holistic picture of security, and the need for manual intervention to fill the gaps between products;
  • As a result of these issues, says the report, nearly half of organizations are consolidating or plan on consolidating the number of vendors they do business with. Additionally, more than one-third believed their organizations would be willing to purchase most products from a single vendor, especially those who work at smaller organizations;
  • Respondents think of “platforms” as integrated, heterogeneous architectures based on open standards. When asked for their definition of a cybersecurity technology “platform,” two-thirds said it is an agreed-upon, standard, tightly integrated architecture provided by multiple vendors as an open suite of heterogeneous products;
  • Endpoint protection platforms have the highest adoption. More than half of respondents said their organizations have deployed an endpoint protection platform (EPP), typically combining next-generation antivirus (NGAV) and endpoint detection and response (EDR). There was a much lower implementation of other platforms like extended detection and response (XDR), zero trust, cloud-native application protection (CNAPP), and secure access service edge (SASE);
  • Responses suggest SIEM (security information and event management) and SOAR (security orchestration, automation and response) are a foundation for platform adoption. Organizations are preparing for broader security platform use by centralizing security data on SIEM systems and bridging different technologies with SOAR-based workflows, says the report. This data indicates that SIEM and SOAR are, and will continue to be, security operations hubs, it adds.

Security technology complexity, limited efficacy of existing products and the global cybersecurity skills shortage are pushing IT leaders to consolidate security vendors, integrate technologies and openly consider security platforms instead of best-of-breed point tools, the report concludes.

It recommends infosec leaders:

• push vendors toward industry standards. While there are a few established security standards, “most vendors pay little more than lip service to many of these efforts,” says the report. “This lukewarm behavior would change quickly, however, if large companies pushed their security vendors toward more cooperation and industry standards adoption.” Standard data formats, APIs, transport protocols, and messaging, it says, would go a long way toward easing the integration burden, which security professionals desire;

• hire or establish a cybersecurity architect role. Defining needs, assessing the current technology stack, and adopting an end-to-end security architecture will require extensive skills and experience across a range of security tools;

• establish best practices for vendor qualification. As organizations buy more security technology from fewer vendors, the report says, they should develop a more comprehensive process for all security technology procurement. This should include a list of vendor security process requirements (i.e., a secure development lifecycle, third-party risk management, security training for developers, cyber-supply chain security best practices, etc.) along with processes for continuous vendor security auditing;

• develop a three-year strategy for security technology integration. A security technology architecture may take years to establish as security teams replace point tools, consolidate vendors and integrate technologies, says the report. This process should start with a solid three-year plan that details the current security stack/architecture, defines gaps, and specifies project phases for addressing weaknesses. It’s also important to create metrics to measure benefits as independent tools begin to interoperate (i.e., MTTD, MTTC, MTTR, etc.).

Finally, the report says CISOs should communicate the three-year plan in business terms to executives and corporate boards to help them measure security efficacy/efficiency improvements and project ROI.

The post Most infosec pros believe vendors over hype their cybersecurity products: Survey first appeared on IT World Canada.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
