Scary Story of the Day: Security Vendors Know That Their Products Don’t Work. Getting SIEMFed and What Should a CISO Do?

An interesting ZDNet article by @ChrisMatyszczyk was forwarded to me recently that made me shudder. In it, the author relates how, while golfing, he came across a security software salesman (from a company quite well known in its field) who casually admitted to him that the security software he sold “doesn’t work”. The author went on to give the salesman’s reasoning: hackers are always one step ahead, and for every piece of software, old or new, there is always some small opening through which a hacker can enter. To justify himself, the salesman felt that since his company’s software was “pretty good” compared to most others, he didn’t feel bad about selling it, despite the fact that it “didn’t work”.

While it is impossible to conclude anything based on one conversation, the salesman’s remarks provide a couple of insights that I felt were worthy of a blog. Having been in the industry for as long as I have, I realize that there are some companies out there, fairly respected ones at that, who continue putting out solutions based on older and less effective technologies. The first insight is that in many of these cases, the same base technology that gained them their market share is also the technology that limits them, making it almost impossible to stay at the cutting edge. But the second, more powerful insight is that hackers seem to always be a couple of steps ahead. There is a reason for that, and it is surprisingly tied to the first insight, as you will equally conclude.

Another article that cropped up on Threatpost recently showed how bad it has become for IT managers. According to the research report quoted in the article, “In a survey of 3,100 IT managers across 12 countries (at organizations with 100 to 5,000 employees), two out of three of them said their organizations (68 percent) suffered a cyberattack in 2018, despite efforts to prevent them. This, despite the fact that a full 26 percent of IT’s time, on average, is spent on cybersecurity issues.” The article also included this statistic: “Nine out of 10 (91 percent) of the respondents said they were running up-to-date cybersecurity protections at the time of a successful attack.” These are both depressing and distressing figures, especially when we know that there are solutions out there that WORK and that can help prevent such attacks. Using a military analogy, on some bad days, as a security practitioner, it sometimes feels that we are fighting a guerrilla war with a regimented army where you have a huge weight to pull along. The tools do not respond well; there are thousands of SIEM records flying by, leading to SIEM Fatigue (internally we call it getting SIEMFed), and it leads to just brutal analysis paralysis!

So, while on the surface, the salesman’s comment might put a damper on those of us who are truly putting out cutting edge technology that DOES WORK, because the more established players have the larger footprint, no one blames the CISO for buying their product.  Even worse, the fact is that they can market-their-way over new innovation!  And THIS is exactly what I love about security startups and is the primary reason why I have always worked with them.  

While the old guard continues to go along its merry way, patching its solutions here and there in order to keep up with the more ground-breaking advances that are being made, smaller and more nimble security startup companies have the drive, the innovation, and more importantly, the agility that can match and respond to these hackers. It is so fulfilling to see these cutting edge innovations and their instant impact. Thus, my message to our fellow CISOs cannot be any clearer – true, no one gets blamed for purchasing an established toolkit, but you also have to remember that you shouldn’t just bet on one set of tools. You need to ensure that you make room in your budget for the up and coming innovations. Take advantage of these startup companies’ agility and eagerness to earn your business and to ultimately bolster your security.

At Wedge Networks, what drives us day in and day out is the belief that our approach is disruptive to the industry.  We’ve always firmly adhered to the Detect and Block approach, despite most of the industry resigning themselves to cater to Detect and Remediate.  The thing is, as we’ve seen especially recently with the spate of ransomware attacks and advanced threats that have become the norm, Detect and Remediate is and always will be the more expensive way of doing things.  That’s why we’ve always focused our solution on PREVENTION.  If we can STOP attacks in the network before they can reach endpoints, the battle is already half won!   

But beyond the products and technologies, we have always maintained the startup culture – and yes, working with my very capable team – we have continually made decisions that often led our product to be re-engineered from the ground up. This has its advantages, as we’ve been able to remain quite nimble, allowing us to stay at the cutting edge. Wedge’s core patented technology has been based around Deep Content Inspection, Orchestration, and hyper-streaming. We’ve always believed that what you can’t see, you can’t catch. While other companies had focused on deep packet inspection, Wedge looked ahead and instead focused on better ways that we could inspect traffic, ultimately patenting our Deep Content Inspection technology. The way that we can SEE content flowing through the network has always been one of our main selling points. Combining this with the orchestration of the industry’s best-of-breed security services, along with AI and machine learning, has enabled us to keep our solution “Evergreen”. We know that technologies can get old and dated so, with our open bus platform and our team’s agility, we decided to continually integrate the cutting edge technologies that were leading to better solutions that worked. We can continually add the latest and greatest technologies into our platform, allowing us to stay several steps ahead of the game. Finally, our patented hyper-streaming technologies, such as SubSonic and GreenStream, allow us to do all of the above in real-time, which is what is needed to truly Detect and Block advanced threats as they’re hitting the network. And now, we’re one of the first to incorporate at the network level what I believe is the latest game changer – Artificial intelligence – but that is worth another series of blogs just by itself.

Thus, assuming the story holds true, unless you want to pay for extra rounds of golf for the salesman out there who continues to sell a product that “doesn’t work”, I recommend that CISOs try out solutions and products in the industry that truly DO work.  We are so sure of the effectiveness of our product that we even offer our Wedge Advanced Malware Blocker (WedgeAMB) on a FREE 90 day trial.  Contact our team at: to learn more about a truly effective solution!

About Wedge Chief Scientist

Husam Kinawi, Chief Scientist

Dr. Kinawi has a PhD and MSc in Computer Science from the Universities of Calgary, Canada and London, UK. In 1997, he co-founded Mpower Technologies Inc., a wireless telecommunications software company. In 1999, Dr. Kinawi co-founded (NASDAQ: AIQT), a Boston-based e-Business applications firm. Dr. Kinawi has over seventeen years of research and development experience working with industry leaders such as Newbridge (Alcatel), Siemens, United Technologies, and Apple in the areas of distributed information systems, embedded applications and wireless Internet solutions. Dr. Kinawi has also spoken at several major conferences, published several research papers, and is the holder of several patents in the area of mobile and wireless devices.