IT Security Vendor Testing

Here at PlexNet we spend most of our time working with customers, providing solutions and generally trying to do the best we can for all our clients. From time to time though we also get to read what’s out there on the internet.

Typically we don’t get too caught up in a lot competitive information or even read what our competitors are up to, because at the end of the day we’re just too busy to get distracted.

However, whilst looking around at a number of similar solutions from different companies I read a very interesting Sofos blog article Thoughts on Comparative Testing, the beginning of it replicated here:

For months, Cylance has sought to dazzle audiences with its “Unbelievable” demonstration, staging well-choreographed battles against other IT security vendors, including Sophos. The exhibition ends with Cylance delivering near-perfect scores while everyone else (predictably) shows lackluster results. Yet when the playing field is leveled, and Cylance’s product comes under real scrutiny, the company cries foul, puts the fear of lawsuits into the minds of its partners, and accuses others of “smoke and mirrors” tactics.

At a recent Cylance presentation during an industry event in Las Vegas, one Sophos customer (from Chicago) in the audience asked to see how the Sophos product was configured for Cylance’s “Unbelievable” demo. On reviewing the settings, the customer discovered that key (and default) protection settings had been disabled. When the customer insisted that Cylance enable the proper default configuration and re-run the test, Sophos beat Cylance. The same behavior has been reported by multiple other vendors, including the disabling of everything other than hash lookups – an unfair test to say the least.

I was very interested in the company vs company discussion, and the ‘our product is better than your product posturing’. Whilst the reading was interesting, ultimately the end result really is not the focus here, but moreso with so many security products on the market and seemlingly so little testing what can be done for everyday users, enterprises or government departments.

It’s a minefield out there even for people like us who are in the industry, so for those smaller businesses it must be even more so. There are products and products that focus on malware, ransomware and viruses. Sure we all have competition and the testing and analysis environment that PlexNet plays in is no different. However, the software security solutions sector seems to have a lot of products and probably for good reason too. There are after all, nefarious people out there trying to do everything from create a botnet farm to hack presidential elections.

So how do people essentially test all these solutions? Not easily is probably the best answer, but for medium to large enterprises and government entities it is certainly affordable to get a solution or a service to do this. This is where these organisations need to find reputable toolsets do look at these solutions.

Now whilst the obvious lead-in here is “give us a ring or send us an e-mail and we’ll help you out”, the real wrap-up to this is that like PlexNet there are specialist companies that provide these solutions and services for a living. Our collective aim is ultimately to solve the customer’s problems, whilst at the same time trying to make a living out of what we really enjoy doing.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.