There has been a common feeling of confusion these days during vendor briefings related to “what the product is about”. It’s crazy, but we’ve been spending a lot of time just trying to match the products to existing definitions. It could be just a case of outdated definitions and the need to create new ones (Noooooooooo), but it’s deeper than that: We are seeing many different capabilities being packaged in completely different ways. So, you talk to a vendor known as an “Endpoint Detection and Response” vendor, who could also be seen as a regular (or NG) Antivirus or, wait for it, a behavior analytics tool vendor!
That’s not only confusing for us analysts; it also makes it harder for clients to assess and select products. We know that it is happening when we talk to clients and vendors and see that tools presumably from different “categories” are competing against each other in the same initiatives. There are organizations out there comparing a UBA tool with EDR, or NFT with SIEM, etc. Why is this happening?
I can see two possible explanations:
- No one has a clue about what they need to buy or even what they need: This is the cynic in me speaking. Organizations are working in a crazy reactive mode under the pressure of “doing something”, converting that to “buying something” without necessarily knowing what is necessary and what should be bought. Of course, this is a very common and well-known path to failure.
- Organizations are approaching the same problems in vastly different ways: There is that old saying of “many ways to skin a cat”. There are many ways of “doing security” too. Security organizations can be split into different roles and groups, using different sets of tools and building on top of different architectures. Of course, much of it will be very similar, but there’s room for different approaches. The diversity in product packages could be explained by organizations approaching the vendors with the same requirements grouped in different sets according to how they chose to operate.
I believe the truth is in the middle of those two. Is there anything else I’m missing here? Maybe the incentives for vendors to get VC funding are shaping how they present their offerings too? What do you think is behind this craziness?
Anyway, I believe the RSA Conference next month will give us a good opportunity to try to answer that. Let’s see what the Expo floor will look like and what people will be saying there.
from Augusto Barros http://ift.tt/1P6kTnK