We discuss what to consider before buying in.
The cybersecurity market is complex, to say the least. The current market has over 3500 vendors with new ones being added daily. Coupled with the fact that the threat landscape keeps changing, it’s difficult for any security or risk leaders, especially those in SMEs, to know how to navigate this environment. Does a new threat or risk require a new tool, or does a current vendor have it covered?
Vendors aren’t making it easy either: between marketing, acronym overload, and not clearly communicating what they do, it’s not surprising smaller companies aren’t confident in their decision-making abilities. Is what they have enough, or are they really missing out on something that would provide them with a significantly better security posture?
We’ve put together some questions that can help you navigate the cybersecurity maze and decide whether your FOMO is justified.
What problem is this technology solving?
You might, understandably, be attracted to the latest AI-powered cybersecurity tool or an intelligence platform with millions or billions of data points. But what is that technology actually doing for you?
When considering any new technology and solution, it’s important to first make sure you know what you’re trying to solve or what gaps you’re looking to fill. If you haven’t yet identified what you need in your security technology, it’ll be easy to get distracted by flashy tech. Instead, take the time to conduct a thorough assessment of your cybersecurity needs and the gaps within your current infrastructure.
This doesn’t have to be overly complicated. For SMEs, we recommend aiming to have a minimum effective dose of security based on the kill chain framework.
This will help you see exactly how technology affects your security posture while avoiding the noisiness of the current vendor market. As your organization grows, these frameworks can prevent you from incorporating unnecessary technology that could overburden your department.
For example, a robust security intelligence platform might be great if you require deep visibility into complex data systems, but is that something you need?
How does this technology work together with my existing technology?
Vendor tools and solutions don’t work in a vacuum, and it’s important to know how a new tool would fit with the technology you have. This includes the technology your organization and employees use (such as email, payroll processing, data infrastructure), as well as any security technology and tools you’re using.
As you consider any new vendor or technology, think about:
- Is the technology meaningfully different from something I already have?
- Can I upgrade/improve my existing technology to achieve the same outcome or improvement in security?
- What kind of overlaps are there across my different solutions?
Even if you’re starting out fresh and looking to build your technology stack from scratch, these questions will help you understand what impact a vendor might have on your overall environment. But if you do find some overlap among tools, it’s not necessarily a deal-breaker as long as the overlap still increases your overall detection/protective capabilities. It’s about finding the right balance and ensuring all critical risk areas are covered.
For example, many cloud security vendors solve specific, smaller problems such as API security or file integrity monitoring for containers. This is helpful, but if you’re having trouble finding misconfigurations, making sure permissions are at a minimum, and aligning to industry best practices, then you should look for a solution that can tackle more than just one thing.
In the case above, employing a single solution, or just a few solutions, would be much more efficient and cost-effective than having multiple pinpointed solutions that overlap on a single risk area.
What resources will this technology use?
The true cost of a technology isn’t just the cost of the license but includes the level of effort it takes to implement and operationalize. If the onboarding process requires resources across multiple departments, it may be an uphill climb. Ultimately, if you can’t support a technology to its fullest potential, then is it worth having?
When considering any new technology, here are some of the resource-intensive tasks you should take into account:
- The evaluation process: Not only is your department responsible for evaluation, but the process will also involve other internal stakeholders, including IT, legal, and possibly HR.
- Onboarding: The onboarding process will require IT and engineering to be involved depending on the technology and what it’s securing or protecting.
- Implementation/rollout: Is this a company-wide rollout that affects most or all employees? Then it’s going to be a grand undertaking that will require multiple departments working in tandem.
- Training: Who’s responsible for training if this is a technology that will interact with all your employees? Who’s responsible for following up and ensuring it’s being utilized (and utilized correctly)?
- Ongoing monitoring and maintenance: Even if your solution is only being used by your department, it’s still likely to take up your department’s time and that’s a key factor to consider.
Discover the full cost of a prospective solution to really assess if it’s the right fit for your organization.
How much dedicated security experience is needed for this technology?
Some technologies are complex to manage and require a full team of security experts and analysts to maximize their capabilities; others require minimal experience. Those two factors, combined with the setup of your security department, can heavily impact the decision about which technology you might want to bring onboard.
It would be unlikely for SMEs to have large IT security teams or a dedicated SOC (Security Operations Center). If the technology you’re considering requires a high level of security expertise, think carefully about how you plan to support it, and if it makes sense to bring on new resources or outsource it.
For example, an Endpoint Detection and Response (EDR) solution is highly recommended to defend against advanced attacks as it allows for rapid response while including the ability to remove an attacker's access. However, those kinds of actions require a deep understanding of threats and incident response — in this scenario, the wrong action could tip off an attacker and actually lead to more damage.
So, while an EDR solution is a good idea, you have to make sure your department has the capabilities to utilize it.
Overcome your FOMO and don’t get distracted by technologies you don’t need
It can be challenging not to get distracted by the latest and greatest shiny new technology available on the market. New vendors with various claims are popping up every day and it’s difficult to know what will really be of benefit to your organization versus what’s just going to be another flash in the pan.
If a technology requires too much experience, time, or dedicated staffing, then it may not be the right solution, regardless of its features. This is especially important for SMEs that often have minimal resources and virtually no security staff. If you make too many purchases, you may find yourself in a challenging environment having to navigate multiple tools and vendors, further burdening your department.
This is why we recommend working with an MSSP partner that serves as an outsourced security arm. A modern MSSP, like SolCyber, enables SMEs with limited cyber security resources and experience to become resilient against the most sophisticated threats.
Straight off the bat, SolCyber brings its own curated set of technologies that offers you the security you need plus a SOC to keep an eye on things 24/7. And, when the future requires it, SolCyber can also provide you with support and guidance as your company grows and scales. In short, you will never need to have FOMO again!
To learn more about choosing an MSSP, check out our eBook here.