Dear Security Vendors: We Need to Talk

Written by Dom Kirby

Former MSP Owner, CyberSec Practitioner, Modern Work Pro, Evangelist, Husband & Father

June 26, 2022

It’s not us, it’s you. We need to talk about marketing and how we should be presenting our products and services to newer practitioners in our space. For too long now, there’s been this marketing trend of “100% protection.” It’s got to stop.

The Truth About Cybersecurity

The truth is that in today’s modern landscape, 100% prevention just simply isn’t real. I’ve worked with some of the best products in the world, and you all are doing a fantastic job. But, as a business, you need to make your marketing teams rely more on your technical teams. Every practitioner with even a little experience knows that “Protect” is just a piece of cybersecurity. Obviously, it’s our first mission. If we could achieve 100% protection, we’d do it.

However, in today’s world, 100% protection is a fantasy. Even the sharpest XDR products on the market are subject to something new. Some new type of attack that you haven’t seen or thought of yet. The reality is that the bad guys only have to figure it out once, we have to figure it out every single time. By human nature, 100% protection is simply not possible.

Practical Marketing

When you come out with marketing around your perfect prevention, you’re really hurting everyone. Obviously, when something sneaks through, your brand will be hurt. Moreso than that, it will deflate the practitioners who rely on your tools. Instead of coming out with 100% protection messaging, think outside the box!

Position your product as the defensible choice. Talk about your research teams and the work you do to improve protection and detection. Talk, in a real way, about how you truly care for the infrastructure you’re entrusted to protect. But, most of all, communicate with your constituents that even your world class teams will miss the mark. Cybersecurity is a game. We’ll win some, we’ll lose some. Our job is to make sound, defensible choices about the products we use, frameworks we follow, and how we implement blue team practices.  Change your messaging and empower the practitioners who rely on your products to do their best work, with the understanding that we’re constantly fighting battles and we will have casualties from time to time.

 

You May Also Like…

Ready. Set. (Entra) Passkey!

Ready. Set. (Entra) Passkey!

Now that Passkeys are generally available, we can start thinking of strategies to implement phishing resistant...