Survey: Customers want integration and strategic support from security vendors

Vendors get low marks for customer support and committing to benchmarks.

Microsoft wants to kill the password using FIDO2 security for better authentication Andrew Conway, general manager for Microsoft 365 Security, discusses how to prevent credential theft by relying on biometric security.

IT managers want to trade point solutions for a comprehensive cybersecurity strategy, and they expect vendors to help, according to a new report from Valimail.

This survey of almost 300 IT, and security professionals found that customers hope for  security products to do more than just defend against business email compromise and phishing attacks. Customers also require security software to support compliance efforts; 45% said this was very important. In addition, customers need data from threat monitoring software available to other applications, with 46% rating this capability as very important. 

In the report, Errol Weiss, chief security officer at Health-ISAC, said security teams are stuck with point solutions at the moment.
 
"Collectively, the industry has done a poor job of coming up with integrated solutions that work well," he said.

Customers want an API-first approach, which makes it easy to integrate multiple cybersecurity products, according to the report. Seventy-one percent described APIs or SIEM integration as very or critically important.

In addition to improved interoperability, security software customers want vendors to take the lead in building and maintaining the overall security ecosystem, with 51% saying this is very important and 18% rating it as critical.

SEE: Phishing attacks: A guide for IT pros (free PDF)

Respondents were split on whether cybersecurity vendors present facts that can be easily verified: 44% said yes and 46% said no. Vendors fared better explaining their technology. Just over half of respondents said that vendors provide clear information with some verifiability. Thirty-eight percent said vendors use fuzzy and hard-to-verify descriptions.

Defining performance benchmarks

Vendors got so-so marks on providing a contractual guarantee that they would hit performance benchmarks:

  • Never                                   3%
  • 10% or less of the time       8%
  • 11 - 25% of the time           9%
  • 26 - 50% of the time         27%
  • 51 - 75% of the time         34%
  • 76 - 100% of the time       19%

In addition to using vague language during the sales process, vendors make other communication mistakes after the sale. Fifty-two percent of respondents said that they pick up the phone when they need help from vendors, and 9% said they hear from vendors at contract renewal time only. 

Weiss said he requires threat intelligence vendors to meet with his team at least twice per quarter.

IT security spend

Just over 70% of respondents said that security spending accounts for less than 30% of overall IT spending, with 24% saying the total is less than 10%. Here is the range of spending on security software:

  • Less than $10,000           6%
  • $10,000 - $49,000          17%
  • $50,000 - $99,000          22%
  • $100,000 - $249,000      28%
  • More than $250,000       27%

The survey was based on 296 responses from a broad cross-section of company sizes and revenues and eight industry verticals, including federal and state and local government, technology services, finance, education, manufacturing, medical and healthcare, legal/real estate and retail and wholesale distribution. Among respondents, 40% hold data and cybersecurity job titles of director or above.

Also see

screen-shot-2019-12-17-at-4-14-41-pm.png

Customers want more strategic support from security software vendors and improved integration among security tools.

Image: Valimail