Five questions a CISO should ask a security vendor

EC’s Rashi Varshney caught up with cyber security firm Fortinet’s Joe Sarno, Vice President, International Emerging, MEA, Eastern Europe, India & SAARC, to find out the five points he thinks a CISO should look at while selecting a security vendor.

Cyber security firm Symantec Corp recently revealed new research demonstrating how cyber criminal networks are taking advantage of lax Internet of Things (IoT) device security to spread malware and create zombie networks, or botnets, unbeknownst to the device owners.

Symantec’s Security Response team has discovered that cyber criminals are hijacking home networks and everyday consumer connected devices to help carry out distributed denial of service (DDoS) attacks on more profitable targets, usually large companies. To succeed, they need cheap bandwidth and get it by stitching together a large web of consumer devices that are easy to infect because they lack sophisticated security.

Beyond the latest buzz around IoT and its risks, large multi-billion companies keep suffering major breaches from causes as simple as malware, email phishing and data leaks. This reinforces the fact that CIOs and CISOs still have a long way to go in securing their enterprises.

To understand what a CIO or CISO should ask a security vendor on behalf of the company, EC’s Rashi Varshney caught up with cyber security firm Fortinet’s Joe Sarno, Vice President, International Emerging, MEA, Eastern Europe, India & SAARC, to find out the five points he thinks a CISO should look at while selecting a security vendor:

1) The first thing Joe Sarno, Vice President, International Emerging, MEA, Eastern Europe, India & SAARC, would look at in a vendor is how solid the cyber security company is: “financially how they perform in terms of company, how much money they put into R&D, what is their road map, so how well is their vision on the future solutions that you would need to bring into the market to address the new types of issues,” he said.

2) He also said that support is another important aspect a CIO or CISO should keep on their checklist. “I would address the capability of supporting my company in terms of support services, professional services, escalation services, and if the vendor is able to give residential engineers on site,” added Sarno.

3) He also said that, as a CIO or CISO, he would feel more comfortable engaging with a vendor that would provide support over a long life cycle.

4) Besides this, he suggests asking basic questions, such as how the solutions offered would address the company’s particular issues.

5) Fortinet’s Sarno also said that it is equally important to find out if the cyber security solution provider is evolving into the future, “because what is happening today is obviously important but I would like to see the future evolution in how this company can support me and give me the right type of solutions I would be looking for in terms of security,” he said.
