Over the past decade, the cybersecurity market has exploded, and growth remains brisk. Cybersecurity Ventures expects global cybersecurity spending to reach $1 trillion by 2021, up from an estimated $120 billion this year.
Despite this increased spending on security products and services, when it comes to protecting their digital infrastructure, organizations are struggling to stay ahead of the bad guys. One reason is a lack of due diligence when evaluating new vendors and their offerings.
The fast-growing market makes due diligence challenging, causing many organizations to cut corners they later regret. One common mistake is to base purchasing decisions solely on vendor claims.
Evaluating Claims vs. Proven Performance
Vendors are biased toward their own capabilities — and it’s understandable that they are enthusiastic about their products. But for customers, an unbiased and impartial review is a much better assessment tool than any marketing information.
An impartial and critical assessment can be provided through independent, third-party testing. Leading test companies such as NSS Labs stack up solutions from different vendors to see how they compare. Reviews are based on tests of products operating in real-world environments under unbiased conditions.
A transparent third-party evaluation helps cut through the noise of marketing language. But not all reviewers are created equal, so you need to understand how they operate before using their reviews.
Some of the criteria for a reliable test include:
- Conducted by a company that specializes in that industry
- Provides in-depth testing and analysis and uses a transparent, clearly defined methodology that’s open for vendor input
- Doesn’t charge the vendor for the independent review
- Uses quantified criteria and a real-world testing environment
Evaluation Mistakes to Avoid
A Forrester research study of IT security purchasing cited by Fortinet found that 71 percent of those who purchased a next-generation firewall would do a more comprehensive evaluation and more testing if they could have a do-over. Additionally, 61 percent said they would consider a broader selection of vendors next time.
To avoid this kind of sentiment and any regrets related to the purchase of your security products, don’t make these mistakes:
- Not consulting an independent source: Use a third-party, reputable, objective source such as NSS Labs to understand how the vendor’s product performs.
- Not conducting a trial run: Test the product against real-world scenarios and traffic to make sure all the features meet your needs. This can be done in-house or by outsourcing to an independent testing lab.
- Not having well-defined criteria: Even if a product rates well, you still need to make sure it’s the right one for your organization. Use criteria such as performance, price, ease of use and other factors important to you.
The post 3 Mistakes Never To Make When Evaluating Cybersecurity appeared first on CCSI.
*** This is a Security Bloggers Network syndicated blog from CCSI authored by CCSI Team. Read the original post at: http://www.ccsinet.com/blog/3-mistakes-never-make-evaluating-cybersecurity/