Say it with me: There is no single SKU for security services. (SKU=Stock-Keeping Unit) What does this mean? That there is no Easy Button that you can buy to solve your cybersecurity needs. Still, you can be smart about buying cybersecurity services. I have some suggestions.
Cybersecurity is a dynamic solution space. Industry participants have not established clean service boundaries that put endpoint protection over here, anti-spam over there, and threat remediation down the hall. As someone buying cybersecurity services, you are challenged to find answers to some questions.
- What a vendor is selling.
- If this service is intended for customers like you.
- The problem that the proposed service intends to solve.
- Whether you are already solving that problem via existing elements of your cybersecurity program.
Confusing? You are correct about that!
What are the Enabling Technologies?
ChatGPT is technology’s shiny spoon now. It shows a lot of promise as a technology. But companies are not building ChatGPT products. Not yet anyway. Products can embody new technologies (or not). Technologies are capabilities that, with some luck, will get shaped into valuable products.
We can apply this thinking to cybersecurity. When you consider buying cybersecurity services, you can improve your chances of success by choosing services that include enabling technologies with long-term potential. Consider the following enabling technologies.
I will work here with a simple definition of machine learning: correlation. Two items are correlated if a change in one item is observed with a change in another item. Correlation is not causation, as the statistics nerds (guilty!) like to say. Meaning, we do not know why variable a goes up when variable b goes up. We just know that the two variables change value at the same time.
We notice that one email account is sending out large numbers of messages, and that these messages all have the same attachment. Hmm. Could be legitimate. Or it could be that the email account is sending out spam/malware messages.
Machine learning can look for correlations among many variables at once. The algorithm does not know why some variables are correlated with others. We humans, however, can look at the discovered patterns and ask what they mean.
Lesson? When buying cybersecurity services, look for ones that incorporate machine learning in some way.
This is why we like Inky so much. Inky is incorporating machine learning into the algorithms that spot spam and phishing messages. Over time, Inky can spot spam and phishing messages without being “trained” by users. We think a service that flags these messages for the user will be more valuable than one which depends on the user for its intelligence.
We can pair large datasets with machine learning for a double-dip of goodness. By itself, machine learning can happily correlate variables. However, if the machine learning algorithm is working with a small amount of data, we must accept that the correlation results might be in error.
Large datasets can solve this error problem. It is true that if we work with a large dataset, we cannot be sure that the variables have values that are evenly distributed (randomized). However, we know that we are more likely to be working with evenly distributed data when we work with larger datasets.
Think of it this way: You can run a machine learning algorithm against the cybersecurity events that have happened in your network in a year—maybe a hundred events. Now, imagine the provider of that machine learning algorithm running it against the cybersecurity events that have happened in all of their customers’ networks over the same time—potentially billions of events. Which case do you think will provide the more reliable results?
The lesson here is to preference vendors that run their machine learning algorithms against all their customers’ datapoints when you consider buying cybersecurity services.
Is This Tool for Me?
Have you heard that expression, “the right tool for the job”? How does it apply when buying cybersecurity services?
Every service is designed with a target market in mind. Product people work hard to understand the needs of this target market, and build the most needed capabilities into their service. What happens if you consider buying cybersecurity services that are intended for a different target market than the one you are in?
- You pay for functionality you will not use. Are you ever going to use features that help a security operations team?
- You over-pay for a solution. When we helped one customer select a Managed Detection and Response service, one RFP responder gave us a proposal that cost eight times the next most expensive response. You do not buy a car with autopilot navigation if you just want to listen to the whoopee cushion sounds the car can make.
We had this conversation with ActZero, who provides an MDR service we like. They have come back to us with pricing that is matched to our customer base. We like the tool. And now we like the pricing. We are looking forward to selling ActZero to our customers as the right tool for the job.
When Buying Cybersecurity Services are You Investing in the Right Technologies?
I have pointed out some enabling technologies to consider when buying cybersecurity services. Of course, choose the services that deliver the best solutions for you at a fair price. With the solution space in flux, pay attention as well to the technologies underlying those services. Choose the cybersecurity services that will improve as the underlying technologies mature.
Disclaimer: ChatGPT did not write this blog post.