Too Many Tools

By Eric Noonan • January 29, 2015

It’s January so lists and predictions abound and most of them are just fun with prognosticators having no real stake in the accuracy of their predictions.  One trend that caught my eye was the prevalence of lists in the security space that was focused on product vendors and “hot” product companies. Dark Reading’s list of “20 Startups To Watch In 2015” and CRN’s list of “Top 10 Security Vendors To Watch In 2015” were both dominated by product companies. The focus on products implies that CIO’s and CISO’s are yearning for even more tools to spread across an already thin staff and that’s not been my experience at all.

I understand the focus on products; they offer a simple way to answer most security questions. Oh, you lost data; you need a Data Loss Prevention tool. Lost a laptop with proprietary data, buy an endpoint encryption product. Having trouble finding incidents on your network; you need a Security Information and Event Management tool. The list goes on and on. This product-focused mindset that dominates our industry is part of the problem.

In fact just last week I was in a CIO’s office who’s views on the rush to buy products summed up in one sentence what I’ve tried to articulate here. He told me “If one more person tells me I need to buy (Vendor Name Redacted) I’m going to throw him out the window.”

The answer, find a security services partner that can integrate and optimize what you already own and enable you to tell the security story in business terms. Take your next meeting with a services company and see how much more focused the conversation is on your problems and possible solutions rather than someone else’s pre-existing solution in the form of a product. Obviously, I believe this because of my personal experience as a former CISO and the weekly conversations I have now with CIO’s and CISO’s as their services provider but I’d invite you to see for yourself.

CyberSheath Blog

2022 in Review: The CyberSheath Story Expands

This year marked a deluge of messaging about the Cybersecurity Maturity Model Certification (CMMC) and federal contractors were rightfully confused. With our keystone event, CMMC CON, we aimed to set the record straight and offer the best guidance for those in the Defense Industrial Base (DIB).   CMMC CON 2022…

CyberSheath Endorsed by Frost & Sullivan in First Independent Analyst Commentary on CMMC

Independent analyst firms have weighed in with commentary on nearly every discipline of information technology. Security has garnered a large portion of that IT discussion, yet until recently, Cybersecurity Maturity Model Certification (CMMC) compliance has been left out.   Frost & Sullivan changed that by selecting CyberSheath as its preferred…

Be Prepared: CMMC 2.0 Is Coming

Cybersecurity is increasingly important to safeguard your company, your customers, and your partners. We're moving into a global cyber era and we've got to get better at protecting ourselves.   Our adversaries are capitalizing on the lack of security controls in place in the defense industrial base (DIB) and we…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO