Safeguarding an organization from cyber threats is no small task. It takes a lot of expertise, staff and time — resources that are almost always in short supply today. These are some of the main reasons why 88% of organizations favor outsourcing for their IT security operations.1
Engaging a cybersecurity vendor for endpoint protection and extended detection and response (XDR), cloud security, identity protection or services like managed detection and response (MDR) can provide an effective approach for tapping into expertise that equips your organization with security best practices. But how do you choose the vendor that’s right for you?
When you gaze into the deep well of cybersecurity vendors, you’ll see there’s a lot to choose from. That’s great news, but it can also be overwhelming to know where and how to begin your search. Cybersecurity vendors vary widely depending on the focus of their offerings, regions they serve and their overall reputation.
Before you start your search, it’s important to know what solutions you’re looking for. Once you know what you need, these eight factors will help you assess a vendor to navigate choosing the one that’s a great fit for you today and in the years ahead:
1. What’s their reputation in the market?
Your cybersecurity vendor should have a proven track record in the market. Research their industry recognition, looking for things like accolades in the form of awards, third-party evaluations and industry analyst reports. If the vendor is publicly traded, review the financials to confirm they have a positive growth trajectory. You’ll also want to assess their focus on innovation. By looking at their press releases over the last couple years, you should get a solid sense of how committed they are to enhancing their products, as well as expanding their portfolio to address the ever-changing cybersecurity landscape.
CrowdStrike Achieves 99% Detection Coverage in First-Ever MITRE ATT&CK Evaluations for Security Service Providers
2. How accessible are they?
Cybercriminals like to strike in the evenings and on the weekends, which means there’s a high possibility you’ll need to connect with your vendor outside of nine-to-five business hours. Review their technical support to see if they provide 24/7 coverage. Also, how easy is it to reach out — are they available by phone, email or through other means?
3. How’s their customer success?
It’s always helpful to gather input from existing customers to understand how they feel about the vendor relationship. Ask for references, read customer case studies and consult peer review sites like Gartner Peer Insights and G2. In addition, reach out to your trusted colleagues to better understand if the vendor has expertise in your particular industry.
4. Is the pricing affordable?
While pricing alone shouldn’t be the deciding selection factor, the vendor should provide competitive pricing that fits within your company’s budget. Be wary if they’re offering a deal that’s too good to be true as it likely can turn into a “you get what you pay for” situation. Lastly, the vendor’s pricing model should be easy to understand so you can forecast for your annual security budgets.
5. What’s their incident response plan?
A vendor’s ability to help you recover from an attack is just as important as the caliber of their protection capabilities. In the event your company gets hit by malware or another threat, your vendor should have a response plan on the ready along with the expertise to get you through it. While the scope of each threat response is unique, your vendor should have a proven track record of delivering fast SLAs on incident response.
6. Do they offer a warranty?
Other industries have long offered warranties to assure customers that the products they purchase will function as advertised. Similarly, cybersecurity vendors are beginning to offer protection or breach warranties. Look to see if the vendor offers a warranty in the event of a security incident within the environment that’s protected by the vendor product. It’s also important to know if the warranty offered comes with an additional cost.
CTA: CrowdStrike $1M in breach response with Falcon Complete
7. Will the technology scale with your growing business?
When you review vendor solutions you should also assess their “future proof” factor. Meaning, how scalable and flexible is the solution in its ability to meet your future needs? Your cybersecurity vendor solution should make this easy. A future-proof solution will support you as you grow and your needs change, without having to be “ripped and replaced.”
8. Do they take a holistic approach to cybersecurity?
If you have a specialized need you’re trying to address, it might work fine to choose a vendor that takes a segmented approach to cybersecurity that narrowly focuses on solving a specific challenge, but that’s very uncommon. For IT operations, companies must address a wide gamut of security needs, and a vendor that takes a holistic approach to cybersecurity will provide you the best fit to do that. Also, look for a vendor that has a unified platform for managing their broad portfolio. Whether you’re managing the solution directly or going the managed services route, a unified platform will minimize the number of technologies to deploy and maintain.
These eight assessment areas should give you a solid foundation for navigating your vendor selection process. When you’re ready to start your next vendor evaluation, be sure to include CrowdStrike on your list.
Ready to try CrowdStrike? Start a free, 15-day trail of the Falcon Platform today.
- Article: How to Hire a Cybersecurity Expert
- Article: How to Create a Cybersecurity Budget
- White Paper: Small Business Cybersecurity Survival Guide
1. Pulse. Outsourcing Cybersecurity. July 2021.