Why Aren’t Cybersecurity Tools Living up to the Hype?

Navigating the complex labyrinth that is the cybersecurity vendor market is a challenge — and it’s not getting easier. More vendors emerge every year, vying for the attention of buyers and making claims on their use of the latest tech to offer the best defense against past, present, and future cyber threats.

In many organizations, especially in those that lack extensive cybersecurity expertise, making the right choice can feel overwhelming and lead to uncertain decision making. IT departments are stretched thin, and staff are often overworked and under-resourced. For the IT or cybersecurity leader, the pressure to protect their organization from ransomware, targeted phishing attacks, and mobile threats is immense. Where do they begin and what exactly do they need? These are just a few of the questions they need to grapple with.

If the wrong decision is made, they may find themselves locked into a one-year (or more) contract with a tool that fails to live up to its promises. This worst-case scenario isn’t a hypothetical either. According to our recent Cybersecurity Assessment Report, 54% of respondents said they purchased a cybersecurity tool that didn’t live up to its marketing hype this year alone.

So how can you be a more informed and effective buyer of cybersecurity tools? This article offers insights on some of the key considerations when selecting a cybersecurity tool and provides helpful tips to help you make decisions that will truly enhance your organization's cyber defenses.

The Challenge: Not Knowing What You Need

One of the challenges organizations often face when purchasing cybersecurity tools is not having internal clarity about their own organizational needs. For example, is the workforce primarily remote or hybrid? Where is the most critical information stored, and what types of safeguards are already in place. And, what IT investments have already been made that will need to be considered? If you haven’t done the right internal assessment, you may not even know what needs you have and may end up buying a tool that doesn’t necessarily fit your organization or even is downright inappropriate for your cybersecurity infrastructure.

This issue can be exacerbated by the marketing hype that surrounds many cybersecurity products. Vendors often leverage “buzzwords”, technical jargon, and over promise the features and benefits of their product or service. IT buyers with minimal cybersecurity experience may end up buying into the hype and end up with the wrong tool. The tool may be perfectly suited to a different organization but its feature-set won’t translate into the practical, day-to-day functionality your organization needs. You’ll end up with a tool that’s at best, ill-fitting, and at worst, virtually useless. Ask any seasoned IT security professional and they are likely to have a good story about a hyped up product becoming “shelfware.”

The Challenge: Buying into Overmarketing

Another significant pitfall that organizations must avoid when navigating the cybersecurity market is falling for overmarketing. We talked about how this may lead to choosing a tool that isn’t the right fit for your organization but there’s also the risk of choosing an outright poor vendor or overpaying for a mediocre tool, which can have internal organization ramifications beyond just an impacted budget.

The cybersecurity vendor industry thrives on technological innovation, and often jumps on the latest buzzwords like "deep learning", "machine learning", "next-gen", "AI-powered", and so on to stay relevant. Even for experienced IT buyers, it can be difficult to decipher what these terms actually mean. For the inexperienced buyer it’s an even bigger challenge.

Some vendors may also overstate the capabilities of their tools and claim their products come with certain features, capabilities, or integrations that don’t exist, don't work as advertised, or come with prerequisites you weren’t aware of. As a result, organizations can end up purchasing a product that is fundamentally different from what was marketed to them. This can take up valuable budget and leave you with fewer resources to get a tool that actually provides the defense you need.

In the end, the organization is left with a cybersecurity tool that does little to improve cyber resiliency and security posture. It becomes a hollow investment - costing money and resources but contributing minimal value.  

The bottom line is that its important to make sure you’re having the right conversations with your prospective vendor’s representatives to get as much clarity as you can on how their tool works and how their marketing terms actually apply to features and benefits. It's also important to conduct a proof-of-concept (POC) in your environment to see how the technology actually works. This due diligence is key to ensuring your investments in cybersecurity tools pay off.

The Challenge: Not Mobilizing Your Organization/Department

The effectiveness of a tool is not just about its individual capabilities, it’s also heavily dependent on how well it's utilized within the context of your organization. Having a mobilized department or organization that can make the most of a new tool is crucial, especially if it’s a tool that is wide-reaching across your organization.

Some cybersecurity tools can deliver outstanding results but require a specific skill set or a sufficiently large team to operate them effectively. For example, a tool powered by advanced machine learning might require users to understand certain AI concepts to configure it effectively. If the team lacks this understanding, they may struggle to use the tool properly. Nearly 40% of the respondents in our Cybersecurity Assessment report said that a lack of internal skill sets led to not having full value of a cybersecurity tool while complexity was reported as a major factor by over 40% of respondents.

Another related issue comes into play when a small IT team, already stretched thin, is burdened with the management of a complex cybersecurity tool. This tool may produce a large number of alerts and require constant monitoring and management - tasks that the team simply cannot handle because it’s too small or because other responsibilities hold a higher priority.

However, it’s not just important to ensure your department can fully make use of a tool, building cybersecurity culture within the entire organization is necessary for optimal implementation. Consider this scenario: you purchase a new cybersecurity tool without involving the IT team. When it comes to implementation, you get pushback, it’s deprioritized, and it becomes months before the tool actually starts working for your organization.

However, if you’ve built a security culture in your organization and incorporate key stakeholders in your procurement process, you’ll be able to better leverage any tools while having buy-in from your external departments.

How Department Leaders Can Be Better IT Buyers

The success and effectiveness of a cybersecurity tool depends not only on its inherent capabilities but also on the people and processes behind it. Therefore, organizations must ensure they have the resources, both in terms of personnel and skills, to handle the tools they're investing in. Here are some of the key takeaways that can prime your organization to become a better purchaser.

Prioritize internal cybersecurity assessment - Before you look for tools, get an understanding of what your company needs and what your department can handle, that’ll help narrow down your search.

Build a security culture for stronger buy-in - This will ensure your tools integrate properly and usage of any tools and subsequent processes are enforced by department heads.

Consider an MDR provider - A Managed Detection and Response provider can solve a lot of the complexity that resource constrained organizations face.

MDR providers bring their own solutions and, as the name suggests, do a lot of the managing for the organization — different MDR solutions offer a spectrum of managed services depending on what the organization needs. However, they largely provide 24/7 protection and eliminate the need for additional staff and often automate many cybersecurity tasks. Rather than burdening a cybersecurity team, they’re designed to augment and complement an existing team.

To learn more about our MDR solutions: