Skip to main content

5 questions CISOs should ask their cybersecurity vendors

* Selecting a cybersecurity vendor can be a difficult task, given all the considerations that must be taken. * Chief information security officers should ask themselves a series of questions before deciding on a cybersecurity vendor — from what threats it detects to how easy it is to use. * Cisco's new SecureX cloud native platform is helping solve CISOs biggest cybersecurity challenges Cybersecurity vendors always seem to be ready with answers. The trick for chief information security officers (CISOs) is to curt through the clutter by asking the right questions. Wendy Nather, head of advisory CISOs for Cisco, understands these conversations from the inside out. Here are the questions she says every cybersecurity vendor should be able to answer to get your business. What threats can your product detect? What you can't prevent, you must detect, but don't assume that security tools detect everything. Ask how broad the tool's scope and detection criteria are. Be sure that the vendor isn't leaving it up to other tools to detect subcategories of incident. Which products do you really integrate with? According to Cisco's 2020 CISO Benchmark Report, 81% of CISOs find product fragmentation a challenge, making cross-product integration a key requirement. Users should be able to exchange data completely within their security platform, Nather says. Exporting files and sending them via email introduces friction and exacerbates the cybersecurity fatigue that 42% of CISOs already feel thanks to information overload. Some vendors that claim to integrate only publish an application programming interface (API) that lets other products talk to theirs, but that doesn't help if no one uses it. True integration means giving full visibility—no black holes — and exchanging data with other products seamlessly and automatically. "Can I talk to other third-party product vendors that are actually using it?" asks Nather. "And can I see that integration in action? Those are the important integration questions." How easy is the product to use? The most functional product is only as useful as its interface. Security teams dealing with an incident in real time — especially those working remotely — must interact quickly and efficiently. That needs frictionless usability, so ask how consistent the user experience is across different product modules. Follow up by asking how well the product's interface supports people with different levels of technical knowledge. A well-integrated product suite will support different functions and roles, so role-based access control with different usage privileges is crucial to stop costly mistakes. "Another feature to ask about when it comes to access controls is single sign-on (SSO)," Nather says. Users should be able to log into different products and modules with a single multi-factor authentication (MFA) system. Cisco's Benchmark Report shows that only 27% of companies use MFA today. How flexible is the product licensing? Functionality comes at a cost that may not be obvious, so make sure to explore the vendor's licensing structure. Some vendors who license products on a per-application basis might restrict how often you can switch that license to monitor different software. They may also restrict your ability to apply the license to different business units, creating problems during company restructuring or acquisitions. Ensure that the licensing structure supports your usage model. How easy is the product to secure? Cybersecurity products come with their own security challenges. Nather suggests asking about the vendor's internal security process. Is there a team handling product testing? How does it interact with external security researchers, and is there a responsible disclosure policy that guarantees they'll fix bugs and notify customers? This is also the time to ensure that the product is easy to patch, which means asking about the security update cadence. If there's one thing these questions teach us, it's that framing the right product questions takes technical knowledge. When a vendor touts a product feature, whether it's machine learning or application-layer DDoS mitigation, CISOs must know enough about the underlying technical nuances to fact-check vendor claims. Even CISOs from a technical background can't have all this knowledge at their fingertips. It takes a well-informed team to help frame the conversation. When you're sorting reality from hyperbole, preparation is key. CT Cisco recently introduced SecureX, its cloud-native integrated security platform. It unifies visibility, enables automation, and strengthens security across network, endpoints, cloud, and applications--all without replacing an organizations current security infrastructure or layering on new technology. Learn more how Cisco SecureX can help address your company's cybersecurity challenges.  This post was created by Insider Studios with Cisco. SEE ALSO: This platform could solve security professionals' biggest concerns Join the conversation about this story »
https://bit.ly/3fagEbV

Popular posts from this blog

Apple has backed down in its latest developer fight, apologizing to WordPress after it pressured the website-builder to add in-app payments

* Apple has apologized after it tried to force WordPress to add in-app payment options to a free app. * WordPress' founder said on Friday that Apple was refusing to allow any updates to the WordPress iOS app until the website builder added in-app purchases, from which Apple takes a 15-30% commission. * Apple is in a fierce fight with developers including "Fortnite" maker Epic Games and Spotify over its rules on in-app purchases. * Visit Business Insider's homepage for more stories. Apple has backed down in its latest skirmish with a developer over its App Store rules. The tech giant on Sunday issued a rare apology to WordPress after it pressured the website builder to add payment options to its free iOS app, or else be blocked from updating. "We believe the issue with the WordPress app has been resolved," an Apple spokesman told The Verge. "Since the developer removed the display of their service payment options from the app, it is now a free st...

SpaceX has a 'go' from NASA to return 2 astronauts to Earth on Sunday as Hurricane Isaias threatens several Florida splashdown locations

* NASA on Saturday gave SpaceX a "go" to undock the company's first crewed space mission, called Demo-2, and land it on Sunday evening. * Hurricane Isaias complicated original plans to return two astronauts to Earth aboard SpaceX's Crew Dragon spaceship in the Atlantic Ocean. * Elon Musk's aerospace company may now try to splash down NASA astronauts Bob Behnken and Doug Hurley in the Gulf of Mexico. * Two out of seven total landing sites near Florida must have good weather conditions, and NASA has until about 5 p.m. ET on Saturday to call off the undocking. * Should the weather worsen, NASA and SpaceX can try again a day later or some other date over the next two months. * Visit Business Insider's homepage for more stories. Astronauts Bob Behnken and Doug Hurley have a "go" to return to Earth this weekend and wrap up an historic space mission for both NASA and SpaceX.  Behnken and Hurley launched to orbit aboard SpaceX's Crew Dragon vehic...

What an independent contractor actually is and how it's classified under California's Assembly Bill 5, the gig worker law Uber, Lyft, and others are fighting with a November ballot measure

* California's Assembly Bill 5 (AB5) went into effect in January, adopting a narrow definition of independent contractor that forces Uber and other gig economy businesses to choose between reclassifying workers as employees or risking significant liability for misclassification. * The law serves as a reminder to California businesses to be careful when classifying workers as contractors.  * Classifying independent contractors falls into two main categories: the "right to control" test (often called the "IRS test") and the tougher "ABC test" recently adopted in AB5. * Uber, Lyft, and DoorDash have recently poured $30 million into Proposition 22 — a ballot measure intended to exempt major ridesharing and food delivery companies from AB5. If California residents vote the measure into effect in November, Uber and Lyft can continue classifying drivers as contractors.  * Visit Business Insider's homepage for more stories. In September 2019, Californ...