At this year’s RSA, there were more than 600 security vendors pitching their wares to attendees from around the world. At Black Hat in Las Vegas, the security vendor community once again congregated to share tips and tricks as well as highlight their newest security products.
For the decision makers - the people in charge of ensuring their IT environments are safe and secure - selecting products from this sea of vendors is a daunting task.
To better understand how these decision makers approach selecting IT security products, Cylance engaged Carbonview Research, a market research agency, to survey over 200 IT security decision makers across a variety of industries and company sizes about what they look for in a cybersecurity solution.
The Buying Criteria portion of the survey focused on the following topics:
- Traditional antivirus (AV) vs. next-generation
- Prevention vs. detection priority
- Top buying criteria for security solutions in the coming year
The survey participants all work for organizations that must maintain security over a diverse network that supports a large staff. Even though many have signed two-year contracts with their current security vendors, they are constantly evaluating the latest products on the market to identify new technology that could improve their overall security posture.
While by and large the respondents agreed that 100% prevention of all threats is not possible, they do consistently evaluate ways to gain even incremental improvements by adopting new security tools.
We invite you to access the complete survey results here, but in the meantime, here are a few highlights:
Next-Gen Endpoint Security and EDR are Priorities
Given the evolving threat landscape that continually introduces new attack types, we wanted to understand the participants’ plans for future investments in endpoint detection and response (EDR). Only 5% of respondents had plans to refresh their existing AV solutions, while over 40% indicated they will be pursuing EDR and next-gen endpoint security products.
For years, the mantra in security has been “it’s not if, but when you will be breached”. While 100% prevention is impossible, the results of the survey showed the overwhelming desire to prevent rather than detect, with over 80% of respondents prioritizing technologies and strategies that provide great prevention over great detection.
This could also be an indicator of the current lack of skilled security resources in the market. With a 1.8 million headcount resource gap forecasted by 2020, organizations are coming to grips with the fact that a prevention-first strategy is the only way they can realistically maintain a secure environment with limited security resources.
Not Just Any Solution Will Do
IT security decision makers do not take introducing or integrating new technology lightly. They have specific criteria that must be met in order to adopt new security products, and not just any solution will do. From performance to reporting, decision makers take a very reasoned approach to evaluating security products.
How Do These Results Compare with Your Plans and Criteria?
INFOGRAPHIC: Buying Criteria: