Skip to main content

5 questions CISOs should ask their cybersecurity vendors

* Selecting a cybersecurity vendor can be a difficult task, given all the considerations that must be taken. * Chief information security officers should ask themselves a series of questions before deciding on a cybersecurity vendor — from what threats it detects to how easy it is to use. * Cisco's new SecureX cloud native platform is helping solve CISOs biggest cybersecurity challenges Cybersecurity vendors always seem to be ready with answers. The trick for chief information security officers (CISOs) is to curt through the clutter by asking the right questions. Wendy Nather, head of advisory CISOs for Cisco, understands these conversations from the inside out. Here are the questions she says every cybersecurity vendor should be able to answer to get your business. What threats can your product detect? What you can't prevent, you must detect, but don't assume that security tools detect everything. Ask how broad the tool's scope and detection criteria are. Be sure that the vendor isn't leaving it up to other tools to detect subcategories of incident. Which products do you really integrate with? According to Cisco's 2020 CISO Benchmark Report, 81% of CISOs find product fragmentation a challenge, making cross-product integration a key requirement. Users should be able to exchange data completely within their security platform, Nather says. Exporting files and sending them via email introduces friction and exacerbates the cybersecurity fatigue that 42% of CISOs already feel thanks to information overload. Some vendors that claim to integrate only publish an application programming interface (API) that lets other products talk to theirs, but that doesn't help if no one uses it. True integration means giving full visibility—no black holes — and exchanging data with other products seamlessly and automatically. "Can I talk to other third-party product vendors that are actually using it?" asks Nather. "And can I see that integration in action? Those are the important integration questions." How easy is the product to use? The most functional product is only as useful as its interface. Security teams dealing with an incident in real time — especially those working remotely — must interact quickly and efficiently. That needs frictionless usability, so ask how consistent the user experience is across different product modules. Follow up by asking how well the product's interface supports people with different levels of technical knowledge. A well-integrated product suite will support different functions and roles, so role-based access control with different usage privileges is crucial to stop costly mistakes. "Another feature to ask about when it comes to access controls is single sign-on (SSO)," Nather says. Users should be able to log into different products and modules with a single multi-factor authentication (MFA) system. Cisco's Benchmark Report shows that only 27% of companies use MFA today. How flexible is the product licensing? Functionality comes at a cost that may not be obvious, so make sure to explore the vendor's licensing structure. Some vendors who license products on a per-application basis might restrict how often you can switch that license to monitor different software. They may also restrict your ability to apply the license to different business units, creating problems during company restructuring or acquisitions. Ensure that the licensing structure supports your usage model. How easy is the product to secure? Cybersecurity products come with their own security challenges. Nather suggests asking about the vendor's internal security process. Is there a team handling product testing? How does it interact with external security researchers, and is there a responsible disclosure policy that guarantees they'll fix bugs and notify customers? This is also the time to ensure that the product is easy to patch, which means asking about the security update cadence. If there's one thing these questions teach us, it's that framing the right product questions takes technical knowledge. When a vendor touts a product feature, whether it's machine learning or application-layer DDoS mitigation, CISOs must know enough about the underlying technical nuances to fact-check vendor claims. Even CISOs from a technical background can't have all this knowledge at their fingertips. It takes a well-informed team to help frame the conversation. When you're sorting reality from hyperbole, preparation is key. CT Cisco recently introduced SecureX, its cloud-native integrated security platform. It unifies visibility, enables automation, and strengthens security across network, endpoints, cloud, and applications--all without replacing an organizations current security infrastructure or layering on new technology. Learn more how Cisco SecureX can help address your company's cybersecurity challenges.  This post was created by Insider Studios with Cisco. SEE ALSO: This platform could solve security professionals' biggest concerns Join the conversation about this story »
https://bit.ly/3fagEbV

Popular posts from this blog

'Is Twitch on Roku?': No, not anymore — here's how to watch Twitch on your TV without using Roku

* There's no official Twitch app for Roku devices anymore, although there used to be one. * If you still have the old Twitch app installed, there's a chance it'll still work, but it's unlikely. * If you'd like to watch Twitch on your TV, you're better off using another device like an Amazon Fire TV Stick or Chromecast. * Visit Business Insider's Tech Reference library for more stories. Twitch's acquisition by Amazon opened the door to some cool features, like Twitch Prime. However, the acquisition also means that now there's no way to watch Twitch on a Roku device — after all, Roku is one of Amazon's competitors. Twitch used to offer a fully featured app for Roku devices. If you try to download that app now, however, you'll be shown a message saying that the app has been shut down.  If you already had the app downloaded when it was shut down, it's likely that you can't use it anymore. And even if you can, there's going t...

How to send your location on Snapchat to your friends through the app's Snap Map feature

* You can send your location on Snapchat to a single friend or to several users in a group.   * To send a location on Snapchat, you'll need to visit your friendship history with a user and locate the "Send My Location" feature.  * Once you send a location on Snapchat to a friend, they can tap it and zoom in to see where you are.  * Visit Business Insider's Tech Reference library for more stories. Whether you want to share the location of your favorite restaurant or the address of your new apartment, you can easily send your location on Snapchat to your friends.  You can do this using the Snap Map and will even be prompted to select who you want to share you location with the first time you use the app feature. You can choose to share your location with your mutual friends, a list of friends with exceptions, or a small group of selected friends.  To send your location directly to a mutual Snapchat friend, you must visit your chat history through your friends li...

Apple has backed down in its latest developer fight, apologizing to WordPress after it pressured the website-builder to add in-app payments

* Apple has apologized after it tried to force WordPress to add in-app payment options to a free app. * WordPress' founder said on Friday that Apple was refusing to allow any updates to the WordPress iOS app until the website builder added in-app purchases, from which Apple takes a 15-30% commission. * Apple is in a fierce fight with developers including "Fortnite" maker Epic Games and Spotify over its rules on in-app purchases. * Visit Business Insider's homepage for more stories. Apple has backed down in its latest skirmish with a developer over its App Store rules. The tech giant on Sunday issued a rare apology to WordPress after it pressured the website builder to add payment options to its free iOS app, or else be blocked from updating. "We believe the issue with the WordPress app has been resolved," an Apple spokesman told The Verge. "Since the developer removed the display of their service payment options from the app, it is now a free st...