While spending money on a good cybersecurity platform is no longer a luxury for companies but a necessity, it’s still an important investment. And like a lot of big purchases, it’s crucial always to kick the tires before you buy or switch.
If you don’t, you could regret it.
A real-world example
Here’s a recent example:
CISO of a large high-tech company was approached by an integrator looking to sell an EDR platform. A product that’s highly rated with great scores and reviews by various labs and analysts.
The only problem was that this CISO was already happily using another EDR product. With Cymulate, he was able to continuously validate that this product was satisfying his company’s needs and conduct seamless endpoint security control validation. Through Cymulate’s mitigation feedback, he fine-tuned his EDR product to fit his company’s needs and monitor for changes by looking at his daily risk score.The platform was already customized and optimized as much as possible.
The temptation of a new offer
But when an offer for a great product at a much-reduced price comes knocking, well, that’s hard to turn away. But despite pressure from his CEO to switch outright, the CISO decided to run a comparison using Cymulate. After deploying the proposed EDR at the production environment in a small, dedicated segment for such testing, the CISO and his team ran multiple tests using Cymulate’s Continuous Security Validation, the same as he has been doing for the last two years.
The results of the tests showed that more than a few ransomware, trojans, and worms got through undetected by the proposed EDR. Moreover, the score projected during these tests on the proposed EDR was not as good as the one for the current EDR.
Evaluating the risks
As part of the POC recap discussion with the integrator, the CISO presented him with the results of the tests he had performed, with some key findings that would make any of us raise an eyebrow. Yet, the CISO came to the discussion open-minded to get a clear understanding as to why some scenarios or actions have not been flagged by the proposed EDR.
The integrator explained that the new EDR didn’t perform as highly as the one already implemented because it wasn’t customized to their company’s specific needs yet. The platform that was being used as a demonstration was on default settings and would need to be hardened.
With all said and done, getting the new EDR up to speed would take a few months. Months where the company’s security controls would be exposed.
Suddenly, the attractive price was much higher than what was originally being offered.
Now it included the monetary value plus the risk our CISO would be taking during the interim.
During an ensuing conversation, the CISO said something so smart and true, “I may save a lot of money now on this new deal but I could spend a whole lot more if I will get attacked during the deployment period.”
Take action: test and validate
When choosing a cybersecurity platform, an open mind is worth a lot these days, but knowing when to stick with what’s working is priceless.
Using Cymulate’s Cymulate’s Continuous Security Validation, validate that TTPs are being detected by your current or planned EDR solution. This assessment with a Cymulate specialist is completely free and you get results within hours.