Cybersecurity Products Rarely Live Up To Marketing Claims: RSA Panel

A panel at this week’s RSA Conference argued that 90% of security buyers aren’t getting the efficacy from their products that vendors claim they can deliver.

Slashdot reader storagedude writes: Joe Hubback of cyber risk management startup ISTARI led both the panel and the study, which was based on in-depth interviews with more than a hundred high-level security officials, including CISOs, CIOs, CEOs, security and tech vendors, evaluation organizations and government organizations.

Hubback said that “90% of the people that I spoke to said that the security technologies they were buying from the market are just not delivering the effect that the vendors claim they can deliver. Quite a shocking proportion of people are suffering from technology that doesn’t deliver.”

A number of reasons for that product failure came out in the panel discussion, according to eSecurity Planet, but they can be boiled down to some key points:

– Cybersecurity buyers are pressed for time and most don’t test the products they buy. “They’re basically just buying and hoping that the solutions they’re buying are really going to work,” Hubback said.

– Vendors are under pressure from investors to get products to market quickly and from sales and marketing teams to make aggressive claims.

– On top of those pressures, it’s difficult to architect tools that are effective for a range of complex environments – and equally difficult for buyers to properly assess these “black box” solutions.

Those conditions create an information asymmetry, said Hubback: “A vendor knows a lot more about the quality of the product than the buyer so the vendor is not incentivized to bring high-quality products to market because buyers can’t properly evaluate what they’re buying.”

Hubback and fellow panelists hope to create a GSMA-like process for evaluating security product abilities, and he invited RSA attendees to join the effort.
