
Security pitches come in for heavy criticism

The way that security products are pitched to users has come in for criticism from a leading cyber security think tank.

Just how the channel pitches security could be changing, with many of those responsible for hearing pitches complaining they are being swamped by information.

A report from the Institute for Critical Infrastructure Technology (ICIT) looking into the trend of chief information security officer (CISO) solution fatigue has called for technical staff to take up the responsibility of listening to product pitches.

"Over the course of their role, some CISOs claim that annually they may hear hundreds of company pitches for security tools and solutions," stated the report.

Those pitches have expanded in number as a result of a large number of cyber security startups, along with the chance for existing vendors to widen their portfolios by adding cloud-specific technology.

Channel response

James Scott, ICIT senior fellow and co-author of the report, said that the channel had a role to play in making the life of the CISO easier.

"If resellers understand the contributing factors to CISO fatigue they can certainly be part of the solution of easing the CISO's anxiety," he said.

He suggested four things for resellers to consider:
1. Accept pitch meetings with company technology staff as part of the vetting process.
2. Stop naming your solution as the 'silver bullet' solution, as it undermines the greater community and poisons vendor/consumer relationships.
3. Sell the solution rather than the product.
4. Know that the CISO needs to ensure the product meets business needs and organization mission.

"Solution overload can be overcome by altering the business model to value long-term stability over short-term potential gains. Technical staff should listen to pitches and evaluate tools so that the CISO can focus on the development and alignment of the strategic vision of the security program to the business mission and to the policies, procedures, guidelines and standards to which the organisation must adhere," the report recommended.

There was also some criticism of the way that security solutions are pitched, with promises being made that could not be delivered.

"Vendor attempts to offer silver bullet solutions undermine the community at large and poisons the vendor-customer relationship. The culture promoting these inadequate solutions distracts CISOs, technical personnel and solution developers from the risks and threats in the threat landscape and it distracts them from designing the right solutions to address the market needs," the report stated.

The advice for security officers was to ignore the hype and look at solutions rather than products, as well as to share information within a particular vertical to highlight those products that have proven they can deliver.
