Too Many Cybersecurity Vendors – Here’s How CIOs Are Managing It

April 30, 2018 | BY Armistead Whitney

Updated 9/30/19

The Current State:  Vendor Saturation

I attended the RSA Conference not long ago and had one big takeaway:  there are too many cybersecurity vendors. Vendor saturation is one of the biggest challenges currently plaguing the cybersecurity market, according to a recent ZDNet article. Security System Engineer Ronny Guillaume of Cisco Systems stated that organizations are bombarded by too much noise to actually understand what it is they need to protect their business.

"Studies have shown that companies have up to 70 different security vendors installed in their company to solve problems," he said. "Now imagine if you had to go and look at 70 different security products and understand what's going on within your specific environmentit's almost impossible."

The former Chairman of RSA, Art Coviello, agrees and added in this article, “When CISOs seek security technology to solve a specific problem they are faced with 1,500 vendors and the problem is almost insurmountable.”

The explosive growth and subsequent confusion with thousands of vendors can partly be blamed on venture capital—2017 alone saw VCs pump over $6.7 Billion into cybersecurity companies, double that of 2016. This means CIOs and CISOs are getting constantly bombarded by thousands of cybersecurity companies with confusing messages and misunderstood value propositions. The bottom line is this:  there is no shortage of technology to prevent threats; there is a lack of organizing people, process, technology and vendors in an easy way to manage a cohesive cybersecurity program. 

We've compiled 4 tactics to help you sort through the vendors and find a solution that fits your needs.

4 Ways to Sort Through Vendors

  1. Create an inventory of current tools being used. Once you’re able to catalog all of the platforms your team uses and what problem each one solves, you can remove redundant tools that cost you time and money. You can then create a tools coverage map to determine the gaps where you have opportunities for more coverage.
  2. Avoid solutions that only address points. If a tool only addresses a small part of your problem, it’s time to think bigger. You should choose products that that not only address multiple “points”, but also ones that provide you with a single pane-of-glass that can automate management and reporting.
  3. Be wary of the “we can do that” mentality. Oftentimes when asked if a certain capability is available, companies will answer with, “we can do that.” Press them further to get them to provide previous examples of companies using this or if you’ll find yourself as the guinea pig of a new project. If you’re okay with being the guinea pig, at least bring that to the light to score a discounted price.
  4. Read company reviews. Sites like Capterra provide third-party reviews of actual customers that have used the product. If a company provides their name in the review, consider reaching out to the contact to understand how they've implemented the product and any pitfalls they have perceived.

In Conclusion

Finding a solution that fits your needs can be challenging with the ever-changing list of suppliers out there. By mapping your current state and identifying gaps, avoiding one-dimensional solutions and becoming a guinea pig, and reading third-party reviews, you can be confident you've done your homework before presenting the solution to your superior.


The Apptega Solution

When looking for a solution to meet your multiple needs, consider Apptega.

Apptega brings together your people, process, technology and vendors all in one place giving you complete control of your cybersecurity program. Let’s say you’re following the PCI framework. PCI has almost 100 security elements, or 100 separate projects, you must document, staff, manage and solve all at once. Apptega helps you organize the entire programwho’s accountable, what’s the policy, when do things need to get done, how much are we spending, and are we on track with real-time scoring down to the sub-control level. Managing your vendor ecosystem is now easier with Apptega because you’re tracking their value to the most granular levels of a specific framework or policy. 

Let us show you how Apptega can help you turn your cybersecurity supplier chaos into bliss. 

Click below to learn more.

Schedule a Call