CISOs Are Skeptical About Cybersecurity Vendor Claims, Study Shows

Most enterprise IT pros believe cybersecurity vendors use ambiguous data, and sometimes even resort to lies, to peddle their products, according to a new survey.

The Valimail survey, conducted in October, was based on 296 responses from organizations of various sizes across eight sectors: federal, state and local government; technology services; finance; education; manufacturing; medical and health care; legal/real estate; and retail and wholesale distribution.

Asked about cybersecurity vendors, CISOs expressed very mixed feelings. 42% of respondents said cybersecurity products deliver value “sometimes,” but it is difficult or impossible to prove that value. 47% said only half of their vendors provide contractual guarantees their products work as advertised.

It gets worse. Around half of those surveyed felt downright deceived by their vendors. For example, 44% of security pros believe most, if not all, vendors obfuscate their technology with hard-to-understand descriptions. 53% said their vendors use ambiguous data that makes it hard to verify their claims. And 35% said their vendors fail to meet their promises half of the time.

The survey's authors agreed with the respondents: cybersecurity vendors should work harder to eliminate jargon, state plainly what customers are buying and what results they can expect, and work alongside their clients to ensure those results are realized.

However, what the survey can't tell us is whether the respondents were using the right tools for the job. Organizations often rely on solutions that are unfit to defend modern infrastructures against advanced, sophisticated threats, or that cannot scale adequately with the business. For example, as most companies move to the cloud to streamline their operations and boost productivity, the cybersecurity side is often left behind. Understaffed and lacking the budget to achieve a good cybersecurity posture, IT reps are often left struggling with tools and processes that were simply not designed to protect cloud workloads.

Insider threats are another good example. With most targeted attacks leveraging system misconfigurations and human error, network traffic analytics is becoming an essential tool to defend an organization’s data flow.

And there’s always the trouble associated with using disparate solutions from different vendors that may or may not provide full compatibility with the rest of a company’s cybersecurity stack. Bitdefender has made it its mission to offer a complete stack of cybersecurity technologies, all seamlessly integrated and accessible from a single-pane interface that IT administrators can actually use.

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Filip Truta. Read the original post at: