Do CISOs Want a Slightly Worse But Way Cheaper Version?

Do CISOs Want a Slightly Worse But Way Cheaper Version?

May 02, 2019

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Is the Cybersecurity Industry Solving Our Problems?

Is the Cybersecurity Industry Solving Our Problems? - Defense in Depth

 On this episode of Defense in Depth:

We question the need to always be the absolute best in everything. Sometimes slightly worst but a lot cheaper is very attractive. Co-host Allan Alford, CISO of Mitel, and our guest Taylor Lehmann, CISO of Wellforce, discuss the following:

  • Industry is just growing symptoms to core issues.

  • The cybersecurity industry is motivated by marketplace which justifies investment. As one might expect many security solutions are just hyped rather than built on innovations.

  • While many of our listeners are rather savvy, we expect most purchases are reactive rather proactive. And if this continues, then the profit-minded vendors will still deliver reactive-based solutions.

  • We've got a radical increase in problems. We're just chasing the problems by spending more money.

  • Security people know that the solution is people, process, and technology, but far too often we're looking for a 'box' to solve our problems. We don't look at the tougher challenge of people and processes.

  • So much of the security market is reactive in its purchase decision. To improve your success rate in cybersecurity you need to be forward-thinking about building out your security program and your spend.

  • One area of opportunity that not enough companies are taking advantage of is offering dramatically cheaper solutions than alternatives even though they don't perform as well. There is a definite market for those types of solutions.

  • We always lean on security products to solve our problems rather looking internally at our people and processes.

  • There is always a losing comparison between attackers and defenders. An attacker can come up with a new variant of attack in minutes to hours. Defenders in enterprises often take months to implement patches for known vulnerabilities.

Special thanks to this week's Defense in Depth podcast sponsor, Remediant.

Remediant - Privileged Access Management (PAM)

Eighty one percent of cyberattacks utilize stolen administrative credentials. Yet, legacy enterprise password vaults solve only a fraction of the problem and are difficult to rollout. Remediant's SecureONE takes a new approach to privileged access management: offering agent-less, vault-less, continuous detection and just-in-time-administration. Learn what Remediant can do in a half-day POC deployment.

Justin Berman, CISO, Zenefits on vulnerability management

Live at West Michigan IT Summit - 6/6/19 

The CISO/Security Vendor Relationship Podcast will be heading to Grand Rapids, Michigan to be the closing keynote at the 2019 West Michigan IT Summit. My co-host will actually be Allan Alford, who is also going to be doing the opening keynote for the event. Watch the video preview and register for this free event.

Mike Johnson on what not to do with pricing disclosures

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.