Sign up to save your podcasts
Or
Share Trusting Security Vendor Claims
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Trusting Security Vendor Claims
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-trusting-security-vendor-claims/)
Do security vendors deliver on their claims and heck, are they even explaining what they do clearly so CISOs actually know what they're buying?
Check out this post and the Valimail survey for the basis of our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Lee Parrish (@LeeParrish), CISO, Hertz.
Thanks to this week's podcast sponsor, AttackIQ.
AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry's first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to plan security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. On this episode of Defense in Depth, you'll learn:
- From those surveyed by Valimail survey, a third to a half didn't believe that vendors did a good job explaining what their product does, or that the product actually performed, or there was any way to actually measure that performance.
- Many questioned those numbers because they feel many security buyers still fall for security vendors' boastful claims. Both can actually be true.
- Stunned behavior at a trade show is not the indicator of knowledge and susceptibility to vendor pitches.
- When you're under the gun as a security professional to produce results you often become victim to security vendor claims because you want to deliver on demands from the business.
- By nature, CISOs should be skeptical about vendor claims and information within their own environment.
- There's a battle between those vendors truly trying to deliver value and those who are using their marketing savvy to sway industry thinking.
- Don't place all the blame on the vendors. CISOs still have trouble understanding their requirements, risk, and priorities. Many are guilty of engaging in "random acts of security".
- Claims can often be more trustworthy if the vendor is willing to explain what they can't do.
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-trusting-security-vendor-claims/)
Do security vendors deliver on their claims and heck, are they even explaining what they do clearly so CISOs actually know what they're buying?
Check out this post and the Valimail survey for the basis of our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Lee Parrish (@LeeParrish), CISO, Hertz.
Thanks to this week's podcast sponsor, AttackIQ.
AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry's first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to plan security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. On this episode of Defense in Depth, you'll learn:
- From those surveyed by Valimail survey, a third to a half didn't believe that vendors did a good job explaining what their product does, or that the product actually performed, or there was any way to actually measure that performance.
- Many questioned those numbers because they feel many security buyers still fall for security vendors' boastful claims. Both can actually be true.
- Stunned behavior at a trade show is not the indicator of knowledge and susceptibility to vendor pitches.
- When you're under the gun as a security professional to produce results you often become victim to security vendor claims because you want to deliver on demands from the business.
- By nature, CISOs should be skeptical about vendor claims and information within their own environment.
- There's a battle between those vendors truly trying to deliver value and those who are using their marketing savvy to sway industry thinking.
- Don't place all the blame on the vendors. CISOs still have trouble understanding their requirements, risk, and priorities. Many are guilty of engaging in "random acts of security".
- Claims can often be more trustworthy if the vendor is willing to explain what they can't do.
More shows like Defense in Depth
View all
Hacked
187 Listeners
Security Now (Audio)
2,008 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Risky Business
371 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,021 Listeners
Smashing Security
319 Listeners
Click Here
415 Listeners
Darknet Diaries
8,061 Listeners
Cybersecurity Today
179 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
188 Listeners
Cyber Security Headlines
139 Listeners
Risky Bulletin
44 Listeners
Hacker And The Fed
168 Listeners