Skip to main content

5 questions CISOs should ask their cybersecurity vendors

* Selecting a cybersecurity vendor can be a difficult task, given all the considerations that must be taken. * Chief information security officers should ask themselves a series of questions before deciding on a cybersecurity vendor — from what threats it detects to how easy it is to use. * Cisco's new SecureX cloud native platform is helping solve CISOs biggest cybersecurity challenges Cybersecurity vendors always seem to be ready with answers. The trick for chief information security officers (CISOs) is to curt through the clutter by asking the right questions. Wendy Nather, head of advisory CISOs for Cisco, understands these conversations from the inside out. Here are the questions she says every cybersecurity vendor should be able to answer to get your business. What threats can your product detect? What you can't prevent, you must detect, but don't assume that security tools detect everything. Ask how broad the tool's scope and detection criteria are. Be sure that the vendor isn't leaving it up to other tools to detect subcategories of incident. Which products do you really integrate with? According to Cisco's 2020 CISO Benchmark Report, 81% of CISOs find product fragmentation a challenge, making cross-product integration a key requirement. Users should be able to exchange data completely within their security platform, Nather says. Exporting files and sending them via email introduces friction and exacerbates the cybersecurity fatigue that 42% of CISOs already feel thanks to information overload. Some vendors that claim to integrate only publish an application programming interface (API) that lets other products talk to theirs, but that doesn't help if no one uses it. True integration means giving full visibility—no black holes — and exchanging data with other products seamlessly and automatically. "Can I talk to other third-party product vendors that are actually using it?" asks Nather. "And can I see that integration in action? Those are the important integration questions." How easy is the product to use? The most functional product is only as useful as its interface. Security teams dealing with an incident in real time — especially those working remotely — must interact quickly and efficiently. That needs frictionless usability, so ask how consistent the user experience is across different product modules. Follow up by asking how well the product's interface supports people with different levels of technical knowledge. A well-integrated product suite will support different functions and roles, so role-based access control with different usage privileges is crucial to stop costly mistakes. "Another feature to ask about when it comes to access controls is single sign-on (SSO)," Nather says. Users should be able to log into different products and modules with a single multi-factor authentication (MFA) system. Cisco's Benchmark Report shows that only 27% of companies use MFA today. How flexible is the product licensing? Functionality comes at a cost that may not be obvious, so make sure to explore the vendor's licensing structure. Some vendors who license products on a per-application basis might restrict how often you can switch that license to monitor different software. They may also restrict your ability to apply the license to different business units, creating problems during company restructuring or acquisitions. Ensure that the licensing structure supports your usage model. How easy is the product to secure? Cybersecurity products come with their own security challenges. Nather suggests asking about the vendor's internal security process. Is there a team handling product testing? How does it interact with external security researchers, and is there a responsible disclosure policy that guarantees they'll fix bugs and notify customers? This is also the time to ensure that the product is easy to patch, which means asking about the security update cadence. If there's one thing these questions teach us, it's that framing the right product questions takes technical knowledge. When a vendor touts a product feature, whether it's machine learning or application-layer DDoS mitigation, CISOs must know enough about the underlying technical nuances to fact-check vendor claims. Even CISOs from a technical background can't have all this knowledge at their fingertips. It takes a well-informed team to help frame the conversation. When you're sorting reality from hyperbole, preparation is key. CT Cisco recently introduced SecureX, its cloud-native integrated security platform. It unifies visibility, enables automation, and strengthens security across network, endpoints, cloud, and applications--all without replacing an organizations current security infrastructure or layering on new technology. Learn more how Cisco SecureX can help address your company's cybersecurity challenges.  This post was created by Insider Studios with Cisco. SEE ALSO: This platform could solve security professionals' biggest concerns Join the conversation about this story »
https://bit.ly/3fagEbV

Popular posts from this blog

SpaceX has a 'go' from NASA to return 2 astronauts to Earth on Sunday as Hurricane Isaias threatens several Florida splashdown locations

* NASA on Saturday gave SpaceX a "go" to undock the company's first crewed space mission, called Demo-2, and land it on Sunday evening. * Hurricane Isaias complicated original plans to return two astronauts to Earth aboard SpaceX's Crew Dragon spaceship in the Atlantic Ocean. * Elon Musk's aerospace company may now try to splash down NASA astronauts Bob Behnken and Doug Hurley in the Gulf of Mexico. * Two out of seven total landing sites near Florida must have good weather conditions, and NASA has until about 5 p.m. ET on Saturday to call off the undocking. * Should the weather worsen, NASA and SpaceX can try again a day later or some other date over the next two months. * Visit Business Insider's homepage for more stories. Astronauts Bob Behnken and Doug Hurley have a "go" to return to Earth this weekend and wrap up an historic space mission for both NASA and SpaceX.  Behnken and Hurley launched to orbit aboard SpaceX's Crew Dragon vehic...

Here's an exclusive look at the pitch deck London fintech Lanistar used to raise $19 million at a $190 million valuation

* London-based fintech startup Lanistar has raised a £15 million ($19 million) funding round from Milaya Capital.  * Founded in 2019, Lanistar is building a personal financial management platform that will launch later in 2020.  * "We're expecting a huge amount of growth upon our launch and have already seen strong interest among our sign ups," Gurhan Kiziloz, founder and CEO of Lanistar, told Business Insider. * Visit Business Insider's homepage for more stories.  The coronavirus lockdown in the UK has brought the importance of managing money into sharp relief. A recent study from Money.com shows that 71% of UK households have saved cash during lockdown, and, with uncertainty about jobs and the economy looming, money management is now front of mind for many. Lanistar, a banking platform with a focus on personal finance, is one company offering tools for consumers to better manage their money. It has just raised a £15 million ($19 million) funding round from Mil...

How to send your location on Snapchat to your friends through the app's Snap Map feature

* You can send your location on Snapchat to a single friend or to several users in a group.   * To send a location on Snapchat, you'll need to visit your friendship history with a user and locate the "Send My Location" feature.  * Once you send a location on Snapchat to a friend, they can tap it and zoom in to see where you are.  * Visit Business Insider's Tech Reference library for more stories. Whether you want to share the location of your favorite restaurant or the address of your new apartment, you can easily send your location on Snapchat to your friends.  You can do this using the Snap Map and will even be prompted to select who you want to share you location with the first time you use the app feature. You can choose to share your location with your mutual friends, a list of friends with exceptions, or a small group of selected friends.  To send your location directly to a mutual Snapchat friend, you must visit your chat history through your friends li...