Starting tomorrow, vendors will be competing for security $$ at one of the biggest events of the year. They'll make promises about efficacy. I'll give them the benefit of the doubt on their claims. But before saying "ooh, shiny, I NEED one of those" ask yourself some questions 1/
1. Do I really need this? Why? Let's assume it solves a problem. Is this a problem I have?
2. Am I buying a response capability when I don't have a corresponding detection capability? You won't be responding to 100% of what you don't detect... 2/
3. Are you buying *another* detection capability where you already have redundancy but lack a response capability? I've lived that. It sucks to say "we saw them (again) and watched while they moved laterally (again) and exfiltrated data faster than we could respond." 3/
4. Are you buying a detection capability that will only be triggered after other capabilities would have already detected the attacker? E.g. code injection detection is awesome. But code injection isn't magic. The attacker needs to be executing on the box first. 4/
5. Is this a VC funded startup? If so, what are the odds they sell out vs. going public? Because those are really the only two outcomes. If they sell out, all promises made about support, direction, etc. are off the table. 5/
6. Examine your recent incidents. If you haven't had any, talk to your ISAC or sharing group about theirs. Would the product have enabled earlier detection, faster response, or mitigated damage in those specific circumstances? If not, what's YOUR value proposition? 6/
7. Do you have the expertise in house to use the product to its potential? The demo was awesome, but it was operating in a contrived environment and being driven by experts. Your results may (will) vary. Do you have budget for professional services too? 7/
8. Does your org have the political will to deploy the solution? This is a major fail point. Many orgs buy solutions they can't get deployed due to various logistical hurdles. I hate to see budget wasted on bitrot. 8/
I could go on all night, but I'm going to end here. Go attend all the vendor parties and collect all the awesome tee shirts (and donate them to the homeless/underprivileged), but don't get suckered into buying stuff you don't need/can't use. /FIN
Subscribe to Jake Williams