Buying cyber security products is not only expensive, it is also terribly complex and fraught with opportunity for failure. If you buy the wrong product, you may find your network incorrectly protected and your company committed to an expensive, long-term relationship with a vendor that does not meet your security needs.
The choices are bewildering. Here is a partial list of just the CATEGORIES of cyber security products available to you today:
Anti-virus | Information assurance | Security communications |
Application security | Intranet technologies | Security devices |
Authentication | Intrusion detection | Security standards |
Biometric products | Intrusion prevention | Secure email gateways |
Communication security | LAN security | Secure web gateways |
Data loss prevention | Log management & monitoring | SIEM |
Database security | Malware intelligence | Smart cards and services |
Endpoint protection software | Mobile security | Social media security |
DNS security | Next generation firewalls | Tokenization |
Email security | Password protection | Threat assessment |
Encryption products | Penetration testing | Unified threat management |
File security | Public key infrastructure | Vulnerability assessment |
Firewalls | Removable media security | Website security |
Identity access management | SCADA security | Wireless network protection |
IDS/IPS | Security awareness training |
NOTE: If the vendor assessment process is handled correctly, it should eliminate one of the greatest threats to good purchasing decisions...VENDOR BIAS. In way too many instances, IT personnel tasked with vendor assessments are over-worked and unprepared to correctly and thoroughly analyze cyber security vendors. Therefore, it is natural for people to take the course of least resistance, and that is to work with vendors they already know. Most times this means that you don't get the best products for your requirements--or the best value for your investment.
"62% of C-level executives, general counsels and
risk managers said of all possible threats, data breach and/or security
failure would have the biggest negative impact on their company of all
threats."
--Pillsbury Winthrop Shaw
Pittman and Levick Strategic Communications