Skip Navigation
BlackBerry Blog

Security Products: Separating the Wheat From the Chaff

NEWS / 08.10.17 / Chad Skipper

At this year’s RSA, there were more than 600 security vendors pitching their wares to attendees from around the world. At Black Hat in Las Vegas, the security vendor community once again congregated to share tips and tricks as well as highlight their newest security products.

For the decision makers - the people in charge of ensuring their IT environments are safe and secure - selecting products from this sea of vendors is a daunting task.

To better understand how these decision makers approach selecting IT security products, Cylance engaged Carbonview Research, a market research agency, to survey over 200 IT security decision makers across a variety of industries and company sizes about what they look for in a cybersecurity solution.

The Buying Criteria portion of the survey focused on the following topics:

  • Traditional antivirus (AV) vs. next-generation
  • Prevention vs. detection priority
  • Top buying criteria for security solutions in the coming year

The survey participants all work for organizations that must maintain security over a diverse network that supports a large staff. Even though many have signed two-year contracts with their current security vendors, they are constantly evaluating the latest products on the market to identify new technology that could improve their overall security posture.

While by and large the respondents agreed that 100% prevention of all threats is not possible, they do consistently evaluate ways to gain even incremental improvements by adopting new security tools.

We invite you to access the complete survey results here, but in the meantime, here are a few highlights:

Next-Gen Endpoint Security and EDR are Priorities

Given the evolving threat landscape that continually introduces new attack types, we wanted to understand the participants’ plans for future investments in endpoint detection and response (EDR). Only 5% of respondents had plans to refresh their existing AV solutions, while over 40% indicated they will be pursuing EDR and next-gen endpoint security products.

Prevention Dominates

For years, the mantra in security has been “it’s not if, but when you will be breached”. While 100% prevention is impossible, the results of the survey showed the overwhelming desire to prevent rather than detect, with over 80% of respondents prioritizing technologies and strategies that provide great prevention over great detection.

This could also be an indicator of the current lack of skilled security resources in the market. With a 1.8 million headcount resource gap forecasted by 2020, organizations are coming to grips with the fact that a prevention-first strategy is the only way they can realistically maintain a secure environment with limited security resources.

Not Just Any Solution Will Do

IT security decision makers do not take introducing or integrating new technology lightly. They have specific criteria that must be met in order to adopt new security products, and not just any solution will do. From performance to reporting, decision makers take a very reasoned approach to evaluating security products.

How Do These Results Compare with Your Plans and Criteria?

Read a summary of the Buying Criteria survey results here, to understand more about how your peers work through the complicated, and sometimes confusing, world of IT security solution selection.

INFOGRAPHIC: Buying Criteria:

Chad Skipper

About Chad Skipper

Vice President of Competitive Intelligence & Product Testing at Cylance

Chad Skipper leads industry analysis and testing of Cylance’s flagship product CylancePROTECT®. Chad is a security technologist veteran focusing on a broad section of the Information Security space. Chad has contributed heavily within product development, engineering, security research, product marketing and product management. Chad is a public speaker of many security topics through a variety of venues and is co-author of 'ext-Generation Anti-Malware Testing for Dummies.

Whether at Symantec, Cisco, BlackStratus, Dell, and now Cylance, Chad has played a significant role in the security design and architecture of endpoint, network, cloud, and hosted security services, and in advancements in security prevention, security management, monitoring, testing and intelligence mitigation solutions.

Chad holds a BS degree from Park University, Magna Cum Laude: Management/ Computer Information Systems.