Don't Be Fooled By Buzzwords, Flash, And Empty PromisesHeading to San Francisco for RSA, BSides and AGC? Make sure you know how to navigate the vendor gauntlet
Next week is going to be a busy one in San Francisco. Three conferences, America’s Growth Capital’s 2012 event, Security BSides San Francisco, and the RSA Security Conference are all next week and there will certainly be no shortage of security monitoring vendors clamoring to entice you with their technological cures for what ails your organization’s pain.
Unfortunately, there will be a handful of buzzwords to wade through and you need to be prepared to ask the right questions to understand their actual meaning. Here are some of the words to look out for while walking around the events, talking to vendors, or sitting through a presentation:
1) Next-Generation – what makes the product a "next generation" solution? Ask the vendor to clarify the product’s evolution from its previous generational state in addition to the iterative steps taken to get there (a.k.a the roadmap). Also, if the product is positioned as next-generation based on its superiority over a competing solution, make the vendor prove it. Ask for some customer references that have evaluated both solutions (without the vendor on the phone) and see if the customer can explain what makes vendor "A" more next-generation than vendor "B."
2) Big Data – has the vendor simply slapped the term "big data" onto marketing materials because their product can consume, correlate, and present lots of data? Ask the vendor how their product compares to an analytics platform that leverages big data technologies/capabilities that have been vetted by organizations with REAL big data problems. If they try to tell you that Hadoop-based or similar analytics platforms aren’t scalable, couldn’t possibly do the same job or that their flat file format works better, ask them to prove it with statistical and comparative evidence.
3) Intelligent – what makes it intelligent? Can it stop attackers, do your taxes, and make waffles? What makes this release more intelligent than previous versions? Is it simply that the product now integrates with five more third-party products than it did this time last year? Are you now able to compare the offending IP address or host to a public blacklist? Is the workflow that makes it intelligent? "Intelligent" is one of those terms that marketing people likely thought sounded less pretentious than "next-generation," but still conveyed how much better.
The ultimate question that you must ask all security monitoring vendors at conferences like these is “what makes your product more intelligent/advanced/capable than ‘xyz company’s’ product?” If the representative can’t explain it to you without drawing on buzzwords and non-committal fluff, ask for a follow-up conversation with a technical resource, ideally the CTO or lead architect, when you return to the office. If you notice the person on booth-duty leaning into a pitch, don’t be afraid to stop them and challenge what they’re saying with some questions of your own. After all, you’re there to learn about the product/service on your terms, not theirs.
P.S. For additional points, ask the person you are talking with to explain what exactly their product does in 15 words or less (something that will likely be more fun for you than for the vendor trying to explain).
Andrew Hay is senior analyst with 451 Research's Enterprise Security Practice (ESP) and is an author of three network security books. Follow him on Twitter: http://twitter.com/andrewsmhay