Do you want to live with a big rock, a fancy dog, a tailored suit, or a flexible ecosystem?

In other words, what’s the best way to procure cybersecurity technology?

That sounds like a trick question, but it isn’t.

While most cybersecurity professionals believe they’re underfunded (and probably are) and most cybersecurity programs are understaffed (and probably are), one of the ways to counter this austerity is with efficiency. What would we do with more money if we got it? How would we be sure it’s spent to maximum advantage?

Figuring out how to procure information security products effectively is more challenging than it first appears. Here are four basic approaches:

  1. There’s the big brand approach. “One stop shop” sounds good. Get everything you need from a single giant vendor whether they are the best at what they do or not. A single throat the choke – right?
  2. There’s the boutique approach. Research “best of breed” brands and get all the hot solutions. Now you’ve got the opposite problem as the big brand method, for you need to go to a lot of little shops.
  3. There’s the customize everything approach. Hire a smaller vendor and have them create everything for you, guiding their development to your needs. Better, but still time and resource heavy on your part.
  4. There’s the ecosystem of best vendors approach. Each vendor has core competencies in different areas in the information security space. Integrating these competencies helps solve our customers’ problems.

At Tripwire, we believe our solution set is designed to provide a foundation for your se­curity and compliance program, but it is only one piece. Equally important is Tripwire’s ability to integrate and share information with other tools and applications. Tripwire uses a col­laborative approach to align its solu­tions with your evolving IT ecosystem.

Mature (Read more...)