Of all the time sucks that security professionals face, arguably one of the more underrepresented is the evaluation of security products.
One simply needs to traverse the floor at a show like RSA Conference to realize the sheer size of the security marketplace and how many vendors claim that they can, with the flip of a switch, solve your exact challenges. In such a crowded and competitive space, it's no wonder skepticism among buyers - who are projected to spend some $96 billion this year on security, according to Gartner - can easily run rampant.
Perhaps the product they are being marketed isn't able to scale to a large-enough user population, perhaps its features overpromise but underdeliver, or perhaps adequate support isn't being given to get the product configured, deployed and managed. Or simply enough, perhaps the product just isn't very good at doing what it should be doing.
Few industries are quite like information security, where it pays to be picky about the technologies you use. After all, the average cost of a data breach rose this year to around $4 million. If a security solution doesn't work like you want it to - or how the vendor claimed it would - things can get out of hand in a hurry.
At the same time, CISOs and other IT and security leaders need help avoiding the wasted resources that go into finding the right technology for your organization, which can certainly feel like searching for a needle in a haystack.
One option is to turn to independent evaluations, which can offer a trusted and reliable perspective. Virus Bulletin is one such entity, and the testing and certification body recently bestowed a VBWeb award on the Trustwave Secure Web Gateway, which is used to identify and block malware in real time.
"Trustwave 's Secure Web Gateway continues its excellent performance on our test bed, once again blocking all exploit kits - no trivial achievement given how such kits constantly evolve in an attempt to stay one step ahead of the security vendors," the report said. "With a weighted average block rate of 99.9%, yet another VBWeb award is well deserved by Trustwave."
Our achievement aside, before you buy anything, you must first determine whether you need it - and a good way to do that is through a risk assessment. Evaluating your IT infrastructure as a whole, as opposed to a single product, will prove more beneficial in the end. You just may be surprised what you discover.
Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.