Four Criteria for Evaluating a Security Vendor

Security is a process. No one solution protects against all threats, and no product remains unchallenged by the ever-evolving threat landscape. As threats evolve, so, too, does our security posture—the specific tools and policies we use to protect ourselves. In this way, security products are fundamentally different from other applications. You can buy a word processor and not worry about it for a few years; if there are bugs, you can probably work around them. For security products, the bar is much higher. Even simple design flaws and bugs will be exploited by hackers. Security vendors therefore have a much greater responsibility to their customers; their software has to be extraordinarily robust from the day it goes out, and they must respond quickly to security events, being willing and able to update their product often throughout its lifecycle.

An application vendor merely sells you a commodity; a security vendor is, in a very real sense, your ongoing partner. Not every company can function like this. Application software companies, in fact, are built differently from security software companies in four critical ways. When evaluating security products for your enterprise, make sure you also evaluate the vendors themselves, using these criteria.

Read Full Story