IT managers want to trade point solutions for a comprehensive cybersecurity strategy, and they expect vendors to help, according to a new report from Valimail.

This survey of almost 300 IT, and security professionals found that customers hope for security products to do more than just defend against business email compromise and phishing attacks. Customers also require security software to support compliance efforts; 45% said this was very important. In addition, customers need data from threat monitoring software available to other applications, with 46% rating this capability as very important.

In the report, Errol Weiss, chief security officer at Health-ISAC, said security teams are stuck with point solutions at the moment.

“Collectively, the industry has done a poor job of coming up with integrated solutions that work well,” he said.

Customers want an API-first approach, which makes it easy to integrate multiple cybersecurity products, according to the report. Seventy-one percent described APIs or SIEM integration as very or critically important.

In addition to improved interoperability, security software customers want vendors to take the lead in building and maintaining the overall security ecosystem, with 51% saying this is very important and 18% rating it as critical.

SEE: Phishing attacks: A guide for IT pros (free PDF)

Respondents were split on whether cybersecurity vendors present facts that can be easily verified: 44% said yes and 46% said no. Vendors fared better explaining their technology. Just over half of respondents said that vendors provide clear information with some verifiability. Thirty-eight percent said vendors use fuzzy and hard-to-verify descriptions.

Defining performance benchmarks

Vendors got so-so marks on providing a contractual guarantee that they would hit performance benchmarks:

  • Never 3%
  • 10% or less of the time 8%
  • 11 – 25% of the time 9%
  • 26 – 50% of the time 27%
  • 51 – 75% of the time 34%
  • 76 – 100% of the time 19%

In addition to using vague language during the sales process, vendors make other communication mistakes after the sale. Fifty-two percent of respondents said that they pick up the phone when they need help from vendors, and 9% said they hear from vendors at contract renewal time only.

Weiss said he requires threat intelligence vendors to meet with his team at least twice per quarter.

IT security spend

Just over 70% of respondents said that security spending accounts for less than 30% of overall IT spending, with 24% saying the total is less than 10%. Here is the range of spending on security software:

  • Less than $10,000 6%
  • $10,000 – $49,000 17%
  • $50,000 – $99,000 22%
  • $100,000 – $249,000 28%
  • More than $250,000 27%

The survey was based on 296 responses from a broad cross-section of company sizes and revenues and eight industry verticals, including federal and state and local government, technology services, finance, education, manufacturing, medical and healthcare, legal/real estate and retail and wholesale distribution. Among respondents, 40% hold data and cybersecurity job titles of director or above.

Customers want more strategic support from security software vendors and improved integration among security tools.
Image: Valimail