Why WannaCry Really Makes Me Want to Cry

Recently, the WannaCry ransomware worm was big news.  For security professionals working inside organizations with unpatched systems vulnerable to infection, it was a particularly busy period.  Plenty has been written about the malware itself, how it spread, the need to patch, and many other technical topics around the recent outbreak.  Much great analysis has been done, and I certainly don’t need to rehash that here.  I’d like to focus on a different angle entirely.

You see, all the activity around WannaCry really did make me want to cry.  But not for the reasons you might expect.  So what was it that nearly brought me to tears (in the figurative sense of course)?  There were two reasons in particular:

 Market Confusion

 Shiny Object Syndrome

Market Confusion

An event like WannaCry doesn’t happen very often, but when it does, it is spectacular.  The spectacle I’m referring to, of course, isn’t the spread of the ransomware or the countless weekends it ruined.  Rather, I am referring to the marketing spectacle that resulted immediately after WannaCry became big news.  Just about every security vendor, with few exceptions, chased the proverbial ambulance.  To me, this was not good for the security industry at all, and I’ll explain why.

If you talk to most security professionals on the buy side today, they will likely tell you that clarity and understanding are not among the benefits they receive from the various vendors across the different security markets.  In fact, the reality of the situation is quite the opposite.  Almost all security vendors use the same set of marketing catch phrases and buzzwords.  Many security vendors claim that their product covers 10 or more different markets, when in reality it may be most ideally suited to one, two, or perhaps three markets.

Of course, I certainly understand the need for a company to market and sell its products and services, and I would never discourage them from doing so.  Unfortunately, however, we have come to find ourselves, across nearly all security markets, in a perpetual state of marketing conflict escalation. 

Every time a new catch phrase or buzzword becomes popular, one or more vendors feel compelled to add it to their messaging.  Once that happens, all of the vendors in that particular market need to add it to their respective messaging as well.  And when will the new additions be removed or replaced?  In most cases, never.  Thus the never-ending spiral of escalation continues.  This is no doubt the reason that if you read the marketing synopsis of most security vendors, it is a soup of words in which it can be difficult to find any real clarity or understanding of what is being offered.

So why is this bad for the security industry?  Just ask any confused security buyer drowning in noise and struggling to solve real operational problems.  It has become nearly impossible for buyers to cut through the noise and zero in on the products and services they need to help them solve their problems and address their challenges.  Vendors are an extremely important part of the security picture, but it is getting harder and harder for them to connect with the right potential buyers.  As a result, operational problems remain unsolved and challenges remain unaddressed.  And that, in turn, is bad for the security industry.

Shiny Object Syndrome

In a few months, most people outside of the security community won’t remember WannaCry.  It will no longer be the news of the day as it once was, and many vendors will no longer feel compelled to use it for marketing purposes.  Instead, we will move on to something else.  I am nearly certain of that.  So what is the issue with this “Shiny Object Syndrome” of sorts, and why is it bad for the security community?  I’ll explain.

Simply put, by succumbing to Shiny Object Syndrome, vendors do themselves a tremendous disservice and sell themselves short.  Allow me to explain why.  The security marketplace is crowded and competitive.  If you’re succeeding as a vendor in this environment, it’s probably because you provide products and services that the community values and has come to rely on.

Imagine a world in which the time spent spinning the news cycle around the event du jour was invested differently.  What if, instead of further clouding security markets and adding to the confusion, that time was invested into trying to better understand the relevant operational problems buy-side customers are interested in solving?  Messaging could be developed in a language that potential customers not only understand better, but have been waiting to hear from vendors.  Taking this approach allows customers to achieve a higher level of clarity and understanding around what challenges their vendors can best help them address.  But it also has the added benefit of helping vendors more precisely zero in on the potential buyers with whom their pitch is most likely to resonate.

I’m not convinced that the conventional wisdom of spinning the hot news item of the day actually brings long-term revenue growth to a company.  For sure, there may be short-term revenue bumps from a successful shiny object marketing campaign.  But in the long run, I’m increasingly convinced that a precise, efficient matching between buy-side problems that need to be solved and the vendor solutions that can solve them is the way to go.  We’re a long way from achieving that as a community, but perhaps we can begin by limiting the amount of new market confusion we introduce, as well as avoiding Shiny Object Syndrome.

Joshua Goldfarb (Twitter: @ananalytical) is an experienced information security leader with broad experience building and running Security Operations Centers (SOCs). Josh is currently Co-Founder and Chief Product Officer at IDRRA. Prior to joining IDRRA, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.