
Get to the Point! Questions You Should Ask Every Security Vendor

What Questions Should You Be Asking Security Vendors?


Here’s a concept that may help security vendors shorten sales cycles and gain a more captive and receptive audience amongst prospective buyers – Get to the point. The process of talking in circles and using buzz words and jargon such as “operational efficiency” and “increased functionality” is not a new phenomenon in the world of technology, but it does seem to be on the rise in the security industry.

In the same way an overabundance of hype has deflected attention away from the seriousness of cyber threats and the importance of stringent security protocols, the sales strategy of “being vague” that many vendors are currently employing discredits what so many credible companies have worked hard to achieve. Our job as security vendors is to solve specific problems with proven technology that was developed through years of testing and research, not jump on the latest trend with an “us too” proposition.

If I were in the position to make purchasing decisions for security products and services, I would create a checklist of questions for every vendor I interviewed, and if they couldn’t provide me with a straightforward answer to each one of them, I would drop them from consideration. The following is a list of questions that I recommend everyone ask as an initial filter; you can build out and customize this list as needed as you get further along in the purchasing process.

1. What does your product do? – Seems simple enough to answer, but you’d be amazed at how many companies can’t provide a straightforward and specific answer to this question. This is where we get into the catch phrases and the buzz words. They are so concerned with appealing to the widest audience possible that they are afraid to tell you specifically what their product can and can’t do. Any vendor worth talking to should have enough confidence in what they do to allow the solution to stand on its own merits.

2. Where have you spent the bulk of your research and development budget over the past three to four years? – This question is designed to weed out the trend jumpers and to ensure that you are investing in a company with the requisite knowledge base and experience to solve the intended problems. We have all witnessed the bandwagon jumping that takes place in the technology space around the hot issues. All you have to do is take stock of how many tech vendors have claimed to be cloud and big data experts over the past few years to confirm that few big trends in technology escape the mob mentality.

3. What is the definitive value add? – Simply put, what am I buying myself in terms of a return on investment with this solution? Can they quantify the savings or the increased value received, or will they offer up the standard increased efficiency line? In order for me to make an investment in a new solution, I need to have quantifiable proof that what I’m getting either produces a significant savings or provides a new and tangible benefit I’m not receiving from my current solution.

4. When will I receive a benefit or return? – Security is a “right now” type of business. If an organization is serious about investing in a new solution, it’s likely because they have a risk or a vulnerability that they have determined is unacceptable. Therefore, they want that shored up yesterday, not six months to a year from now. Proven security solutions built upon solid research and design should begin paying dividends quickly.


5. What am I getting from doing business with your company? – I want to know up front that if I purchase a product or solution from you what I can expect in terms of service and support. I want definitive timelines and check points from the point of sale until we are fully operational. Security is about solving problems, not creating headaches.

I understand that no two situations are ever entirely the same and that circumstances can sometimes necessitate different approaches to security partners and vendors. However, you should always have the expectation that your provider should be able to clearly articulate their value proposition. If you are speaking with security vendors in the first place, you obviously have identified a need in your organization for a complementary or more sophisticated solution to what you already have in place.

My advice is to not waste your time combing through a bunch of “me too” vendors just hoping to take advantage of the latest news cycle and industry buzz. Make them earn your business by delivering a clear and concise plan to meet the needs of your company.

I can’t think of a better way to begin any of these conversations than by simply asking them to get to the point, and quickly. Security waits for no one.
