Testing and identifying the value of your next cybersecurity solution

CYBERS 20.01.2022

As cyber threats evolve, so do the tools. It’s a good thing that comes with a little caveat: how do you pick the right security tools to do the job for your organization? Often, it may feel like selecting a bulletproof vest, which you badly and urgently need, through an online catalog. Will it fit? Will it do the job as advertised? When will it be delivered?

Fortunately, in many cases, creators of cyber bulletproof vests are ready to deliver a trial of their solution before you buy. Cybers, as a dedicated security service provider, runs pilot projects for security tools nearly every week, so we know a thing or two about picking the right security technology for the job. This week, I sat down with Denis Katjuk, head of delivery at Cybers, to ask about the best practices in running a successful solution trial.

Vladimir: Hi Denis. Let’s discuss trial projects and how to make them successful.

Denis: Well, the first thing is to stop calling them trials. When a customer wants to replace a legacy solution with something new, they normally want to get a certain value. If they get something entirely new, they want to test a security concept in their environment to see if it makes sense. Hence, my team runs proof of value and proof of concept projects, rather than trials.

Vladimir: O.K., PoV and PoC, got it. There are a lot of vendors out there though; how does a company pick the right one?

Denis: It’s a 2-stage process. Stage one is done by our team and is somewhat recurring. We look at the most critical areas of security: EDR (endpoint detection and response), NDR (network detection and response), SIEM (security information and event management), and email protection. Then we pick the vendors which have the best offering, consider available research, and run our tests.

This means that first, our blue team runs the solutions in our lab to see the efficacy of the technology and the user experience. Then we hand it over to the red team, which tries to circumvent the security measures by deploying 0-day attacks or other options. With those two reports combined, we choose the product or vendor, which our account managers then recommend to customers.

Vladimir: Let’s take NDR, do you have any examples?

Denis: Sure, it’s quite a good example. Historically, most companies were deploying large and expensive IPS (intrusion prevention system) sandboxes to manage threats in their network. With the development of AI and ML though, the story has started to change and NDRs are gaining the upper hand. They are often lightweight, non-intrusive, and provide far better incident response capability than the classic IPS. However, as with many new things out there, not all NDRs are born equal.

Vladimir: Our preferred solution is the Vectra stack if I remember correctly?

Denis: Correct. We have looked at several solutions and Vectra.AI stood out immediately with a heavy focus on machine learning and ease of use. We ran our internal tests, the team was impressed, and this is what we are offering most of the time today. Another quite appealing aspect is how easy it is to run proof of value projects with them. Customers can either get an appliance or an AWS installation to serve as the brain. Then, the solution “learns” throughout a couple of weeks and produces a near-perfect picture of network traffic and a whole lot of other things.

Vladimir: Do you have any examples of proof of value projects you can mention?

Denis: Sure. One of the latest ones was our customer Tallink. They are operating a fleet of ships, among other things, and security has been their top priority for a long time. They already had an NDR solution in place, but it felt off. So, they started looking at alternatives and decided to give Vectra a try. Before starting the PoV we had identified success criteria: better detection, better incident handling, and better support for cloud-based applications.

The project took less than a month and the value was clear across the board. So clear that Kalev Noor will be on stage at Security Summit in September to share the story in more detail.

Vladimir: COVID-19’s effects on the tourism industry have been brutal; I assume there was a question of price before the PoV?

Denis: Yes. There always is, crisis or not. However, as our friend Mats Jeborn from Vectra.AI always says: “If price is the main objection, then we’ve failed to show the value”. For most of the products we offer, there are ample pricing options, typically an annual subscription with our managed service. In the case of PoVs, most of them are done free of charge. The basis is normally an agreement that if solution X can deliver ABC, then we go ahead with full implementation. Testing for the sake of testing is a waste of everyone’s time, to be honest.

Vladimir: So, pick priorities, ensure that the needed value is delivered, and make the decision. Any parting words?

Denis: I think that many customers today underestimate the potential in their systems and miss out on a lot of value. Provided that their security architecture is well-designed, there is a lot of additional leverage which can be delivered through integrations between systems. For instance, Vectra.AI has an excellent API, which can be used to connect NDR to EDR to SOAR (security orchestration and response). We can, of course, help with both creating a proper security framework and integrations.

Vladimir: Thank you!
