Perimeter
2/24/2012
09:58 AM
Commentary
Commentary
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Don't Be Fooled By Buzzwords, Flash, And Empty Promises

Heading to San Francisco for RSA, BSides and AGC? Make sure you know how to navigate the vendor gauntlet

Click here for more articles.

Next week is going to be a busy one in San Francisco. Three conferences, America’s Growth Capital’s 2012 event, Security BSides San Francisco, and the RSA Security Conference are all next week and there will certainly be no shortage of security monitoring vendors clamoring to entice you with their technological cures for what ails your organization’s pain.

Unfortunately, there will be a handful of buzzwords to wade through and you need to be prepared to ask the right questions to understand their actual meaning. Here are some of the words to look out for while walking around the events, talking to vendors, or sitting through a presentation:

1) Next-Generation – what makes the product a "next generation" solution? Ask the vendor to clarify the product’s evolution from its previous generational state in addition to the iterative steps taken to get there (a.k.a the roadmap). Also, if the product is positioned as next-generation based on its superiority over a competing solution, make the vendor prove it. Ask for some customer references that have evaluated both solutions (without the vendor on the phone) and see if the customer can explain what makes vendor "A" more next-generation than vendor "B."

2) Big Data – has the vendor simply slapped the term "big data" onto marketing materials because their product can consume, correlate, and present lots of data? Ask the vendor how their product compares to an analytics platform that leverages big data technologies/capabilities that have been vetted by organizations with REAL big data problems. If they try to tell you that Hadoop-based or similar analytics platforms aren’t scalable, couldn’t possibly do the same job or that their flat file format works better, ask them to prove it with statistical and comparative evidence.

3) Intelligent – what makes it intelligent? Can it stop attackers, do your taxes, and make waffles? What makes this release more intelligent than previous versions? Is it simply that the product now integrates with five more third-party products than it did this time last year? Are you now able to compare the offending IP address or host to a public blacklist? Is the workflow that makes it intelligent? "Intelligent" is one of those terms that marketing people likely thought sounded less pretentious than "next-generation," but still conveyed how much better.

The ultimate question that you must ask all security monitoring vendors at conferences like these is “what makes your product more intelligent/advanced/capable than ‘xyz company’s’ product?” If the representative can’t explain it to you without drawing on buzzwords and non-committal fluff, ask for a follow-up conversation with a technical resource, ideally the CTO or lead architect, when you return to the office. If you notice the person on booth-duty leaning into a pitch, don’t be afraid to stop them and challenge what they’re saying with some questions of your own. After all, you’re there to learn about the product/service on your terms, not theirs.

P.S. For additional points, ask the person you are talking with to explain what exactly their product does in 15 words or less (something that will likely be more fun for you than for the vendor trying to explain).

Andrew Hay is senior analyst with 451 Research's Enterprise Security Practice (ESP) and is an author of three network security books. Follow him on Twitter: http://twitter.com/andrewsmhay

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MS8699
50%
50%
MS8699,
User Rank: Apprentice
2/28/2012 | 4:11:27 AM
re: Don't Be Fooled By Buzzwords, Flash, And Empty Promises
RSA Security Conference are all next week and there will certainly be
no shortage of security monitoring vendors clamoring to entice you with
their technological cures for what ails your organizationGÇÖs pain.-á
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

CVE-2014-0600
Published: 2014-08-29
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.

CVE-2014-0888
Published: 2014-08-29
IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.

CVE-2014-0897
Published: 2014-08-29
The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection me...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.