Perimeter
2/24/2012
09:58 AM
Commentary
Commentary
Commentary
50%
50%

Don't Be Fooled By Buzzwords, Flash, And Empty Promises

Heading to San Francisco for RSA, BSides and AGC? Make sure you know how to navigate the vendor gauntlet

Click here for more articles.

Next week is going to be a busy one in San Francisco. Three conferences, America’s Growth Capital’s 2012 event, Security BSides San Francisco, and the RSA Security Conference are all next week and there will certainly be no shortage of security monitoring vendors clamoring to entice you with their technological cures for what ails your organization’s pain.

Unfortunately, there will be a handful of buzzwords to wade through and you need to be prepared to ask the right questions to understand their actual meaning. Here are some of the words to look out for while walking around the events, talking to vendors, or sitting through a presentation:

1) Next-Generation – what makes the product a "next generation" solution? Ask the vendor to clarify the product’s evolution from its previous generational state in addition to the iterative steps taken to get there (a.k.a the roadmap). Also, if the product is positioned as next-generation based on its superiority over a competing solution, make the vendor prove it. Ask for some customer references that have evaluated both solutions (without the vendor on the phone) and see if the customer can explain what makes vendor "A" more next-generation than vendor "B."

2) Big Data – has the vendor simply slapped the term "big data" onto marketing materials because their product can consume, correlate, and present lots of data? Ask the vendor how their product compares to an analytics platform that leverages big data technologies/capabilities that have been vetted by organizations with REAL big data problems. If they try to tell you that Hadoop-based or similar analytics platforms aren’t scalable, couldn’t possibly do the same job or that their flat file format works better, ask them to prove it with statistical and comparative evidence.

3) Intelligent – what makes it intelligent? Can it stop attackers, do your taxes, and make waffles? What makes this release more intelligent than previous versions? Is it simply that the product now integrates with five more third-party products than it did this time last year? Are you now able to compare the offending IP address or host to a public blacklist? Is the workflow that makes it intelligent? "Intelligent" is one of those terms that marketing people likely thought sounded less pretentious than "next-generation," but still conveyed how much better.

The ultimate question that you must ask all security monitoring vendors at conferences like these is “what makes your product more intelligent/advanced/capable than ‘xyz company’s’ product?” If the representative can’t explain it to you without drawing on buzzwords and non-committal fluff, ask for a follow-up conversation with a technical resource, ideally the CTO or lead architect, when you return to the office. If you notice the person on booth-duty leaning into a pitch, don’t be afraid to stop them and challenge what they’re saying with some questions of your own. After all, you’re there to learn about the product/service on your terms, not theirs.

P.S. For additional points, ask the person you are talking with to explain what exactly their product does in 15 words or less (something that will likely be more fun for you than for the vendor trying to explain).

Andrew Hay is senior analyst with 451 Research's Enterprise Security Practice (ESP) and is an author of three network security books. Follow him on Twitter: http://twitter.com/andrewsmhay

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MS8699
50%
50%
MS8699,
User Rank: Apprentice
2/28/2012 | 4:11:27 AM
re: Don't Be Fooled By Buzzwords, Flash, And Empty Promises
RSA Security Conference are all next week and there will certainly be
no shortage of security monitoring vendors clamoring to entice you with
their technological cures for what ails your organizationGÇÖs pain.-á
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.