Cybersecurity's Solar Eclipse: How We're Being Blinded By Marketing Buzzwords

Jamie Butler, November 2017

This summer's historic solar eclipse was an amazing sight that reminded us of the beauty of our solar system, as well as the fact that you should never look directly at the sun. The eclipse also reminded us that without being able to see something, understanding it can be very difficult. Having clear and transparent insight into something is critical -- and investments into cybersecurity solutions are no different.

Businesses are investing in cybersecurity in record numbers and for good reason. Effective cybersecurity is essential to protecting critical information and infrastructure from an ever-growing collection of advanced threats, but knowing how to allocate precious capital can be make or break. Unfortunately, a current lack of transparency is cause for great alarm, as it can have far-reaching implications that can damage all parties involved. Unlike with the solar eclipse, having only a partial view through eclipse shades or a pinhole box doesn’t quite cut it.

In the cybersecurity industry, a long period of over-funding and hype has resulted in a highly fragmented, extremely crowded and largely undifferentiated landscape of small-ish vendors -- nearly 1,500 in the U.S. alone. In such a crowded market, it can be difficult to find the signal amid the noise of boisterous marketing claims. Given the growing demand for security solutions, suppliers are coming out of the woodwork to cash in, but unfortunately many offer options that solve one small piece of a problem and force users to manage multiple products that slow down protection against advanced attacks. In addition, a product’s efficacy can be hard to pin down, and many vendors make exaggerated claims shrouded in marketing buzzwords that do little to give buyers a clear picture of the problem being solved for their business.

Once an investment is made, companies need to be vigilant that the product is truly solving their biggest pain points. If the “solution” is so complex that it requires investment in people outside your organization, your product investment might not even be worth it. Furthermore, because the needs of large and small organizations differ, it can be hard to know which security solution is best for your firm. Unfortunately, in an effort to avoid missing the “right” solution, businesses may be tempted to make multiple investments into a cadre of products, but the integration of overlapping products can create confusion and general implementation failure.

As the CTO of a cybersecurity firm that implements artificial intelligence (AI), I also see a lot of these same issues in the AI space where vendors too-often rely on marketing buzzwords without much substance to back them up. Just like security, AI is increasingly seen as a critical investment. This shouldn’t be too surprising given that AI and related technologies pose the opportunity to radically transform myriad industries and unlock new opportunities buried in mountains of data. But because of this, the intense appetite for AI products is leading to a glut of so-called solutions — many of which aren’t actually that intelligent. As with security, this makes investing in AI all the more difficult. In an overly-hyped industry awash with buzzwords and filled with companies more likely to receive funding just by calling themselves AI, businesses hoping to make smart, worthwhile investments might as well be looking directly into a solar eclipse.

Having said that, these roadblocks are certainly not insurmountable. Setting advanced testing standards would be an important step in codifying what is promised and delivered by various products. Unfortunately, many of the available third-party testing organizations receive compensation for testing, which makes the results inherently biased. Instead, non-pay-to-play organizations like MITRE and the Cyber Independent Testing Lab need to become the norm.

Additionally, independent organizations like Google’s VirusTotal can lead the way with recommendations around improving a transparent testing regimen. As Sean Gallagher wrote in this Ars Technica piece examining issues in AV testing, problems stem from the lack of agreed-upon testing standards.


Article Source: Forbes
