Skip to main content

5 questions CISOs should ask their cybersecurity vendors

* Selecting a cybersecurity vendor can be a difficult task, given all the considerations that must be taken. * Chief information security officers should ask themselves a series of questions before deciding on a cybersecurity vendor — from what threats it detects to how easy it is to use. * Cisco's new SecureX cloud native platform is helping solve CISOs biggest cybersecurity challenges Cybersecurity vendors always seem to be ready with answers. The trick for chief information security officers (CISOs) is to curt through the clutter by asking the right questions. Wendy Nather, head of advisory CISOs for Cisco, understands these conversations from the inside out. Here are the questions she says every cybersecurity vendor should be able to answer to get your business. What threats can your product detect? What you can't prevent, you must detect, but don't assume that security tools detect everything. Ask how broad the tool's scope and detection criteria are. Be sure that the vendor isn't leaving it up to other tools to detect subcategories of incident. Which products do you really integrate with? According to Cisco's 2020 CISO Benchmark Report, 81% of CISOs find product fragmentation a challenge, making cross-product integration a key requirement. Users should be able to exchange data completely within their security platform, Nather says. Exporting files and sending them via email introduces friction and exacerbates the cybersecurity fatigue that 42% of CISOs already feel thanks to information overload. Some vendors that claim to integrate only publish an application programming interface (API) that lets other products talk to theirs, but that doesn't help if no one uses it. True integration means giving full visibility—no black holes — and exchanging data with other products seamlessly and automatically. "Can I talk to other third-party product vendors that are actually using it?" asks Nather. "And can I see that integration in action? Those are the important integration questions." How easy is the product to use? The most functional product is only as useful as its interface. Security teams dealing with an incident in real time — especially those working remotely — must interact quickly and efficiently. That needs frictionless usability, so ask how consistent the user experience is across different product modules. Follow up by asking how well the product's interface supports people with different levels of technical knowledge. A well-integrated product suite will support different functions and roles, so role-based access control with different usage privileges is crucial to stop costly mistakes. "Another feature to ask about when it comes to access controls is single sign-on (SSO)," Nather says. Users should be able to log into different products and modules with a single multi-factor authentication (MFA) system. Cisco's Benchmark Report shows that only 27% of companies use MFA today. How flexible is the product licensing? Functionality comes at a cost that may not be obvious, so make sure to explore the vendor's licensing structure. Some vendors who license products on a per-application basis might restrict how often you can switch that license to monitor different software. They may also restrict your ability to apply the license to different business units, creating problems during company restructuring or acquisitions. Ensure that the licensing structure supports your usage model. How easy is the product to secure? Cybersecurity products come with their own security challenges. Nather suggests asking about the vendor's internal security process. Is there a team handling product testing? How does it interact with external security researchers, and is there a responsible disclosure policy that guarantees they'll fix bugs and notify customers? This is also the time to ensure that the product is easy to patch, which means asking about the security update cadence. If there's one thing these questions teach us, it's that framing the right product questions takes technical knowledge. When a vendor touts a product feature, whether it's machine learning or application-layer DDoS mitigation, CISOs must know enough about the underlying technical nuances to fact-check vendor claims. Even CISOs from a technical background can't have all this knowledge at their fingertips. It takes a well-informed team to help frame the conversation. When you're sorting reality from hyperbole, preparation is key. CT Cisco recently introduced SecureX, its cloud-native integrated security platform. It unifies visibility, enables automation, and strengthens security across network, endpoints, cloud, and applications--all without replacing an organizations current security infrastructure or layering on new technology. Learn more how Cisco SecureX can help address your company's cybersecurity challenges.  This post was created by Insider Studios with Cisco. SEE ALSO: This platform could solve security professionals' biggest concerns Join the conversation about this story »
https://bit.ly/3fagEbV

Popular posts from this blog

PayPal parts with top advertising executive after shifting its marketing strategy during the pandemic

* PayPal's chief creative officer Steve Simpson, its top advertising executive, left the company after about a year. * The move came after PayPal shifted its marketing strategy during the coronavirus pandemic, placing less emphasis on the brand and more on catering to small businesses, said a source with direct knowledge of the marketing operation. * Simpson's departure followed that of CMO and former Apple executive Allison Johnson in May. Both "decided to leave PayPal" as the company streamlines its global marketing functions, according to a PayPal spokeswoman. * Visit Business Insider's homepage for more stories. PayPal's highest-ranking ad executive Steve Simpson left earlier this month after just over a year as part of a restructuring of its global marketing business. Simpson, who was chief creative officer, was hired to make high-minded ad campaigns to help PayPal stand out from competitors like Square, Stripe, and Apple Pay. But this strategy chan...

TikTok confirms it will sue the US government, alleging Trump failed to provide 'due process' before issuing ban

* TikTok confirmed Saturday that the company planned to sue the US government over President Donald Trump's executive orders targeting the popular app. * A company spokesperson said TikTok experienced "a lack of due process as the administration paid no attention to facts and tried to insert itself into negotiations between private businesses." * TikTok, which has surged in popularity over the past year, was known as Musical.ly until it was purchased by the Chinese company ByteDance in 2017 and renamed. * The president on August 6 and August 14 signed executive orders targeting TikTok.  * Visit Business Insider's homepage for more stories. TikTok on Saturday announced it plans to sue the US government over President Donald Trump's executive orders pertaining to its ownership, arguing the company was deprived of its due process rights. The president, who began targeting TikTok in July, issued an executive order August 6 making it illegal for American compani...

A pair of former champions headline UFC Fight Night: Munhoz vs Edgar — How to watch

  * UFC Fight Night: Munhoz vs Edgar will be streamed live on August 22, exclusively through the ESPN+ streaming service. * In the main event, former UFC Lightweight champion Frankie Edgar will make his debut in the bantamweight division in the 27th match of his UFC career. * With 13 career wins by knockout or submission, 5th ranked Pedro Munhoz is the former Resurrection Fighting Alliance bantamweight champion and one of the UFC division's most formidible fighters. * Prelims are set to start at 6 p.m. ET and the main card is scheduled to begin at 8:30 p.m. ET. * Every UFC Fight Night event is included with an ESPN+ subscription, which costs $6.99 per month or $49.99 per year. Product Card Module: Monthly Subscription Service Card size: small Former UFC lightweight champion Frankie Edgar will make his bantamweight debut against #5 ranked Pedro Munhoz in the main event of UFC Fight Night: Munhoz vs Edgar on August 22. Munhoz has dominated opponents in his 18 career wins...