There's no way you can evaluate them all, take a meeting with many of them or even read their product white papers. You have to have some way to screen vendors. Here’s some criteria you can use that might help with screening, great vendors pass many, probably not all: 2/24
-
-
Prikaži ovu nit
-
1. No B.S. Statistics. If the vendor pushes some clearly made up or over-inflated “study” that, for example, cyber-crime or some other thing is now exceeding the GDP of the planet then they can be scrubbed from the list right away. 3/24
Prikaži ovu nit -
2. Investor Expertise. If it is a private company check that the investors (venture capital, private equity) have the expertise to not only help the company grow but are able to stand behind the products and provide in-depth guidance. 4/24
Prikaži ovu nit -
For public (and private companies), look for similar expertise and product centricity from multiple of their Board members - a good flag here is whether some Board members have a track record of having been in actual security roles. 5/24
Prikaži ovu nit -
3. Grass Roots Demand. Demand from end users, engineers, security team - genuine buzz/zeal shown by organic take up that led to an enterprise deal. The graveyard of hopes & dreams of vendors and customers alike is full of imposed product use from a top-down executive sale. 6/24
Prikaži ovu nit -
4. Adjacent Benefits. There are demonstrated adjacent benefits e.g the security monitoring product can enlighten app teams as to performance or other issues, the authentication product delights customers or reduces friction as well as risk. 7/24
Prikaži ovu nit -
5. No Hypothetical Savings. Saving 10 mins of user time, saving 100 help desk calls/day, or reducing false alerts by 10% do not add up to actual monetary savings unless you are paying piece rates, or the savings are so much that they will trigger cuts or cost avoidance. 8/24
Prikaži ovu nit -
6. Disdain for Ratings & Awards. The leadership/sales team (I assume engineers default to this) have a disdain for analyst ratings/industry awards. I’m not naive, I know you need some of these to pass the RFP filter of some large orgs so the game needs to be played a bit. 9/24
Prikaži ovu nit -
7. Engineering Respect. The engineers in your organization and those at the vendor respect each other because of known expertise, research, (good) conference presentations, blogs, past work relationships, or other reputed caliber. 10/24
Prikaži ovu nit -
8. Product Displacement. It can demonstrably displace at least 1 (ideally 2) other products which (see Adjacent Benefits) might not just be security products. 11/24
Prikaži ovu nit -
9. 80/20. The product can work - not perfectly, but good enough, with existing infrastructure e.g. monitoring product can run ok on existing logs, but to be awesome it might need some extra collection or specialized sensors. 12/24
Prikaži ovu nit -
10. API Accessible. It is API accessible, amenable to automation and can have its configuration managed like code. They are honest that the GUI (unless the purpose of the product is the GUI) is just for sales demos and for organizations early on the automation journey. 13/24
Prikaži ovu nit -
11. Security Assurance. The product is continuously and rigorously security reviewed by a named (and reputable) independent testing organization as well as their own testing team. 14/24
Prikaži ovu nit -
12. Executive Knowledge. The CEO knows the product, can demo it reasonably well, and knows the key product roadmap decisions that have been made and are in pipeline to be made. 15/24
Prikaži ovu nit -
13. Self-Use. They use the product for themselves and their own CISO can demo their own use - the CISO isn’t purely a customer advocate. 16/24
Prikaži ovu nit -
14. No FUD. The vendor never uses phrases, when initially rebuffed, like….. “well if you don’t care about your security then I can see you wouldn’t want to pilot us”, or “we’ve heard other customers are very unhappy with [competitor]". 17/24
Prikaži ovu nit -
15. Metrics. They are visibly obsessed (almost to the point of being really annoying) by actual customer success metrics and data derived (appropriately) from product instrumentation. 18/24
Prikaži ovu nit -
16. More than a Feature. If the product screams loudly that it is just a feature waiting to be built into products/services you already have, or you can easily write the potential AWS, GCP or Azure “press release” for this feature then you might want to tread carefully. 19/24
Prikaži ovu nit -
17. Technical White Papers. When you ask for a white paper you actually get one - & don’t get me started about filling in forms to get access to white papers on sites, hint, if you ever see gjho@gjhrogtoh.com or something like that in your sales lead database,that was me. 20/24
Prikaži ovu nit -
But, remember that we are all on the same side. Vendors are full of professional people from engineering to product and sales doing their best to build and deliver a great product, are passionate about their goals and want to help you get the best outcome. 21/24
Prikaži ovu nit -
Like all of us, sometimes, they are working with imperfect processes in systems that conspire against them and are doing their best to keep improving. People deserve respect & if you can find the time to politely coach vendors on these points then we'll all end up better. 22/24
Prikaži ovu nit -
Bottom line : even applying just a few of these filters will get you to a pre-shortlist of vendors to explore. Although, there’s nothing better than having a clear view of your actual requirements before talking to vendors and using that to guide where you focus. 23/24
Prikaži ovu nit -
Doing that may make you realize you already have the capability as some feature you already have. It’s in all our interest (investors, customers, vendors) to get better at doing these things to keep improving the market. We are all someone's vendor. 24/24
Prikaži ovu nit
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.