logo
Published on Security Incite: Analysis on Information Security (http://securityincite.com)

Buying Security Products - The Series

By Mike Rothman
Created 2006-02-27 16:27

There might be no more pitiable predicament in life than being pitched a product that may not work very well by a salesman who works very well indeed.

That is how CSO’s Lew McCreary [1] starts a truly outstanding column about his experience seeing a top flight, very compelling demo. He comes to the conclusion that compelling demos do not a buying decision make. There are a lot of great parallels in Lew’s column to what a typical end user deals with when trying to buy anything. Clearly most folks are not prepared to deal with the sales tactics of top-flight enterprise security sales people.

Lew provides this great summary, which gives a quick indication of what you are dealing with [emphasis mine]:

But I was reminded anew how incredibly hard it is to separate claims about products from their provable capabilities. Good marketing offers food to the starving and drink to the parched. Done well, it brings a vendor within striking range of the customers’ wallets. But it shouldn’t be confused with neutral information, because it isn’t. Obviously, it’s in the best interest of buyers to let euphoria pass and then get down to due diligence. Check references (preferably those you can pick on your own from a long list of customers); call on independent analysts and trusted peers; and have a good set of metrics for the kind of improvement you would need to see in order to justify the cost of a system.

This also was clear from the webcast [2] I did with ForeScout last week. Since the subject matter was “how to successfully deploy NAC,” I spent some time discussing the procurement processes. That is one of the great values that end-user centric analysts can bring to the table, in that we deal with lots of customers buying lots of things. Through the pain of others, it’s possible to distill a set of buying practices that more often than not result in a helping a customer buy the right product at the best price.

There is also another side of the coin, which is how the vendor sales teams are trained to overcome your objections and close the sale. Since I spent the last 8 years helping those very teams position against competitors and discover the “pain” that would serve as a buying catalyst, I have a few opinions about what kind of buying process will most effectively deal with those tactics as well.

So this week, I’ll outline many of the things I’ve learned about buying security products. Some of the tips will make sense for your organization, some will not. But hopefully at the end of the road, you’ll have learned a bit and will be better prepared the next time you need to buy something.

Source URL:
http://securityincite.com/blog/mike-rothman/buying-security-products-the-series

Links:
[1] http://www.csoonline.com/read/020106/vendors.html
[2] http://www.forescout.com/index.php?url=news&section=webinars&id=022306