Top tips for finding the right cybersecurity products


Having trouble finding the right security products for your business? You’re not the only one.

Today’s market is filled with hundreds of vendors and plenty of marketing hype. But figuring out which solutions are worthwhile can be a challenge, especially for businesses with little experience in cybersecurity.  

So we asked actual buyers of enterprise security products for tips, and here’s what they said.  

Damian Finol, security technical program manager at a major internet firm

Businesses have to do their research. That means looking at customer recommendations instead of relying on what vendors say. Testing the security products in house is also highly advised.

in Microsoft Office. This can be set up with Microsoft’s group policy setting, at no extra cost. Shpantzer also likes to work with companies to implement proven protective measures such as application whitelisting, keeping software up to date, and other strategies like those by Australia’s intelligence agency.

Clients who do buy security products should be aware that not all are easy to use. Imagine a threat monitoring platform that generates a hundred alerts each day — some false positives, some real. Do you investigate every one?  

“If I gave you a million-dollar budget for an IDS (intrusion detection system), you would say, ‘Great, our problem is solved.’ No, your problem just began,” he said. The work is about to pile up.

Beyond the initial purchase, there’s a whole lifecycle to a security product. This can include the people who will operate it, how the product will be deployed, fine-tuning the technology, and understanding all the requirements needed to run and maintain it, Shpantzer said. 

Jonathan Chow, a CISO at an entertainment-focused company

Bad vendors tend to use scare tactics, while good vendors listen to your needs and try to help secure your business, even if that means offering free advice, he said.  

“There’s nothing really magical about a security product,” Chow said. “People need to be cautious and vigilant whenever spending money on a piece of technology.” 

His top tip for finding the right security products is to listen to what other buyers are saying.

“I think asking their peers to share their experiences is the best way,” he said.

Brian Honan, CEO of BH Consulting, which advises clients on IT security purchases

Be wary of vendors that can’t offer any customer references, or that only offer products demos under strict test conditions, Honan said. 

“If they don’t have the product reviewed or accessed by independent bodies, that would concern me as well,” he said. 

Unfortunately, when businesses do buy security products, they often don’t use them correctly, Honan said.

“They buy a box with a flashing light, hoping it will keep them secure,” but end up with a false sense of security because they didn’t configure it right, he said. “I’ve seen this happen many times.”

“You have to spend a lot of time fine-tuning these tools, and a lot of companies don’t spend the time to do that,” Honan said. “They will then point the finger at the product and say it didn’t work.”