Security Tool Procurement: 3 Keys To Success

By Eric Noonan • March 7, 2016

Security products, or tools, are an important part of the three-legged stool of people, processes, and technology. My experience has been that the technology portion of the equation gets most of the attention and a large share of the budget. There are many reasons for this not the least of which is product vendors spending significant money marketing their tools as solutions to the CISO’s problems.

Despite all of the money that swirls around tool procurement, success is elusive. Discarded Data Loss Prevention (DLP) investments, over budget identity and access management projects, and underutilized Security Information and Event Management (SIEM) platforms are common outcomes when the focus is exclusively on the technology without consideration of people and processes.

3 Keys to Enable Your Technology Investments and Succeed for the Long Term

1: Execute a Staffing Plan to Utilize the Product

The operation and maintenance of a security tool procurement are almost never included in the planning or purchasing process. Typically the same number of engineers continue to be stretched across more tools until only the most critical tools can be sustained. Often, other tools may sit neglected operationally despite the annual maintenance bill from the vendor. To avoid this pitfall, be realistic about the minimum staffing requirements needed to reap the original benefits that drew you to the tool. Have a conversation with the engineers that will support it to establish service level agreements and metrics that everyone can live with. Be skeptical of thinking you can send someone from your team to the vendor’s 3-5 day training class and assume that will suffice. It won’t. These classes tend to cover a high-level overview of the tool’s capabilities, often time burning precious hours on modules you have yet to purchase.

Be honest about how thin you can stretch your team and make the business case for additional staff if that’s what is required for success.

2: Formally Integrate the Product Into Existing Operational Processes

To support the team operating the tool, procedures should be formal, documented, and repeatable. Ideally, if some process already exists, for example, incident response, fold the new product purchase into the existing operating procedures if appropriate. If you have already spent the time and investment in creating a mature cybersecurity program, then take full advantage of your good work and integrate the new product into your program. If you have a Governance, Risk, and Compliance (GRC) solution be sure to add a data feed for the new product or find some other way to leverage existing investments to make the new product a part of the current environment at a minimum.

3: Continuously Measure the Effectiveness of Your Investment

Deploying a recently purchased technology should not be your end game. Deployment does not equal victory, it’s often just where the hard work begins. Cybersecurity is fast-paced and dynamic so by the time you finish negotiating a price with your vendors there will likely be a new number one priority. Even with that reality, and in fact because of it, having metrics to measure the effectiveness of your new product is critical. Force the selling vendor to come up with a way for you to continuously measure the tool they are selling over time if they want the sale they will do the work. These metrics will keep you from being in the position of paying annual maintenance for tools that have long outlived their utility.

Buying security tools is easy, optimizing them for long term success is not. These three keys will enable you to better measure and manage your technology investments for the long term.

Did You Like This Post?  

Subscribe to CyberSheath’s blog today to receive email updates as new posts become published.

CyberSheath Blog

Dr. Robert Spalding to Address Nation-State Attacks at CMMC Con 2021

Since the inaugural CMMC Con, we’ve seen some of the most malicious attacks on American infrastructure ever executed. The SolarWinds attack reverberated across the entire government as agencies scrambled to discover what nation-state attackers had accessed and stolen. The Colonial Pipeline, shut down by a ransomware attack, led to fuel…

CMMC-AB vice chair Jeff Dalton to address CMMC Con 2021

The swiftness and severity of recent cyber attacks has dominated headlines and revealed that many organizations still don’t quite know what to do to protect themselves, as well as the businesses and government entities they’re connected to.   Ransomware attacks were a big point of discussion at the recent G7…

CMMC Con 2021 Opens Registration, Reveals Theme and Speakers

CMMC compliance stands in the way of revenue for every defense contractor in the supply chain. Now that CMMC is a reality for the Defense Industrial Base (DIB), learn how contractors — primes and subs, large and small, foreign-owned — are handling the standards and requirements, as well as the…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft

CMMC Con 2021 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.