{"id":11833,"date":"2016-01-13T12:30:00","date_gmt":"2016-01-13T20:30:00","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=11833"},"modified":"2016-01-13T13:30:35","modified_gmt":"2016-01-13T21:30:35","slug":"cio-advice-for-weathering-the-cybersecurity-product-and-services-market-downpour","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2016\/01\/cio-advice-for-weathering-the-cybersecurity-product-and-services-market-downpour\/","title":{"rendered":"CIO Advice for Weathering the Cybersecurity Product and Services Market Downpour"},"content":{"rendered":"

The following is a guest post from Yisroel Hecht, former Chief Information Security Officer for the City of New York, and Associate Commissioner of IT Security at the NYC Department of Information Technology and Telecommunications.<\/em><\/p>\n

As cyberattacks continue to proliferate, so\u00a0do\u00a0the number of security products being developed to detect and mitigate these attacks. Corporate executives are in a\u00a0panic\u00a0to maintain their company brand and are, thereby, compelled to\u00a0invest extensively\u00a0in new products to enhance their cybersecurity posture. Unfortunately, many organizations lack the expertise in understanding how to countermeasure the\u00a0ever-emerging, dynamic and evolving cyberthreats, so they continue to layer their environment with additional security products. This approach creates more complexity in securing their digital assets and,\u00a0consequently,\u00a0renders new opportunities for adversaries to compromise their business.<\/p>\n

<\/p>\n

Vendors are keeping a watchful eye out for victims of cyberattacks to whom they can sell their products.\u00a0No assurances are provided to their clients that they will be able to further diminish the probability of a successful cyberattack.<\/p>\n

To highlight this point, I would like to share the following anecdote:<\/p>\n

After a tiring day of harvesting his crop, Ivan, a 13th century peasant, returned home to put his day\u2019s earnings into storage. Dark clouds rolled in and the wind began to howl as Ivan worked feverishly to pack his loaded wagon into the silo before he lost his crop to the approaching storm.<\/p>\n

A passing peddler\u00a0noticed the peasant whipping his oxen as he struggled to pull the oversized load through the small opening of the silo. Observing this, the shrewd peddler called out to Ivan, \"Why are you hitting the oxen? Can\u2019t you see the crop is too large for the small entrance? Here, take a look through this magnifying glass, and you will see the silo opening enlarge! Why don\u2019t you purchase this magnifying glass, and you will solve your problem by expanding the silo's entranceway.\"<\/p>\n

The simple peasant bought the magnifying glass for a hefty price, and the peddler went on his way. Ivan took a look through the magnifying glass and, to his delight, saw the entrance enlarge. He then whipped the oxen in an attempt to enter the silo; but, to his disappointment, the wagon wouldn't budge. Bewildered and angry he ran after the peddler, \"This tool doesn\u2019t work! I want my money back!\" The peddler chuckled and responded, \"Pay me another 20 percent and I will show you the most effective way to use this device.\" The naive peasant agreed and paid.<\/p>\n

The peddler explained, \"The problem is, when you look at the silo's entrance through the magnifying glass, the doors expand; but when you look at the wagon through the same side of the glass, the crop expands as well. The solution is simple: look at the silo opening using this side of the glass to see it expand. Next, turn the glass around and look at the load through the other side, and watch the crop shrink. If you follow these steps, you should have no problem getting your harvest into the silo.\"<\/p>\n

This time the peddler hurried on his way\u2026<\/p>\n

Critical thinking and sound decisions<\/h3>\n

Before procuring new security solutions, it is important to have a clear understanding of the key gaps in your InfoSec capabilities.\u00a0It is equally important\u00a0to make sure the intended product will meet the business objectives. Security is achieved through a blend of people, process and technology. Many times the solution that is obtained has numerous dependencies\u00a0in order\u00a0to be effective. The security solution\u00a0may require a specialized skill set or significant integration work before there is noticeable value derived from the purchase.<\/p>\n

The following\u00a0are some of the most recent trending products in the information security market: Cyber Threat Intelligence (CTI) and Threat Intelligence Platforms (TIP)<\/a>.<\/p>\n

Benefits of CTI include:<\/p>\n