The Southern Fried Security Podcast
About This Show
Join Andy Willingham, Martin Fisher, Steve Ragan, Yvette Johnson, and Joseph Sokoly as they discuss information security, news, and interview interesting people. Get in the discussion at www.southernfriedsecurity.com.
Most Recent Episode
Episode 194 - Evaluating Security Product Vendors
3 days ago
Evaluating Security Product Vendors

In light of recent news about “Vendors Behaving Badly” we want to talk about how a security professional should evaluate vendors and their products.

Recent News:
Tanium exposed hospital’s IT while using its network in sales demos: https://arstechnica.com/security/2017/04/security-vendor-uses-hospitals-network-for-unauthorized-sales-demos/
Lawyers, malware, and money: The antivirus market’s nasty fight over Cylance: https://arstechnica.com/information-technology/2017/04/the-mystery-of-the-malware-that-wasnt/

There are so many different sources of information about vendors and their products. You owe it to yourself to evaluate not just the vendor but also each source of information.

Analyst Firms: Gartner/Forrester/etc
Always remember they take a very generic view using a notional enterprise as the standard.
Current customer interviews are important but, remember, those customer contacts likely came from the vendor.
The perception of “Pay for Play” is there no matter how much the firms want to squelch that.

These tests presume a lot so make sure you understand what the conditions of the test were.
The “Pay for Play” perception exists here too….
The results of the testing aren’t specific but can h