With the steep rise in breaches and related financial losses, some vendors are going nuts, pricewise. It used to be you could hack together a centralized syslog for free if you had a server sitting around, but now, if you need a tasty-looking dashboard, bring your wallet.
It’s easy to see why, as the speed of remediation (or stopping an attack in the first place) has been subjected to enough financial metrics to justify the spend to the boardroom and perhaps even to stockholders. But be careful, as the marketers have entered the fray - you could be buying a lot of hot air.
We’re not saying don’t spend for quality, but a healthy dose of fact-finding prior to purchase can save you more than the cost of a new hire, even in the competitive marketplace of today. Marketers have even invaded the booths of Black Hat recently, as we’ll see this year. No? Go ask a sampling of booth staff to describe BGP in detail. I’ll bet I can predict the results.
The good news is there are plenty of good technical resources and reputable companies at Black Hat that will give you good advice. But increasingly, we see non-technical people placed in charge of large departments which are tasked with protecting the organization’s IT system, and they head to the show to find out what to do. Unfortunately, some companies prey on decision makers who have big wallets but minimal technical skills.
What to do? First, if you’re heading to Black Hat, understand that it’s a very technical landscape, where technologists will be deep in the weeds discussing the latest threats. You should bring someone of that type with you if you’re a decision maker; it will be the cost-effective thing to do, especially compared to buying equipment that costs more than a house to solve a perceived problem that may be vastly overstated.
This year at Black Hat, it will be incumbent upon newer vendors to make sensational claims to gain market share from established vendors; call it cheap (or free) marketing. And while it’s nice to visit the startup areas and learn about new tech, consider the value of the thing you’re protecting, and that bleeding-edge products probably don’t have much of a track record in your field of interest.
You might, for example, do some tests on cutting-edge gear in an evaluation setting, where you can put it through its paces and determine your comfort level first. Many vendors, if they find out you’re serious, will let you do extended testing to enable you to convince yourself of the product’s value. Take them up on it.
Along the way, realize that open source projects form the underpinnings of (almost) all commercial offerings. Want the technology to continue to thrive? Spend some money and time with the open source community to support the hard work that forms the foundation for all of us. It will help all the vendors, which in turn will help your organization. Throwing a few thousand into the pot to support the community has a very large leverage effect on the good of the whole ecosystem. Some of the largest vendors have realized this, and sponsor many open source projects with resources; you should too.
This isn’t at odds with commercial vendors, who build customization on top of that foundation; it simply bolsters that effort, writ large. It’s likely you don’t own or use a single piece of software that doesn’t have open source bits at the foundation somewhere, so you’ll be helping the commercial vendors build secure layers where they are experts, and have a stronger foundation to support their trick tech.
Remember, no one thinks your information is more important than you do, so in the end it’s up to you to determine your best defense. Get all the facts and bring your own expert to Black Hat with your best interest in mind, and you’ll have a far better chance of buying good tech - without all the hot air.