Seasoned CISO Mike Manrod knows the value of a good cybersecurity vendor evaluation. He recalls that in a past job he inherited some very expensive vaporware under a long-term services agreement. His predecessor had purchased an “innovative” beta identity and access management platform but hadn’t done any analysis on the product, simply accepting the vendor’s claims of its efficacy. It was a dud.
Inversely, as CISO at his current company Grand Canyon Education, Manrod set his team up to evaluate an allegedly “brilliant” web application security product only to discover through testing that its client-side validation was easy to bypass and thus subvert the product. That basic test saved them from making an expensive mistake. “Startups are trysforming, and sometimes they go back to the drawing board. Nothing wrong there, but if we as security leaders purchase something that’s not ready yet, that’s on us,” he says.
To read this article in full, please click here
More Stories
This Windows PowerShell Phish Has Scary Potential
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who...
Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data
Infostealer malware and digital identity exposure behind rise in ransomware, researchers find Read More
FBI Shuts Down Chinese Botnet
The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types...
Western Agencies Warn Risk from Chinese-Controlled Botnet
Cyber and law enforcement agencies across the “Five Eyes” countries issue warning about large-scale botnet linked to Chinese firm and...
8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach
A Manchester law firm has filed a lawsuit against outsourcing giant Capita, representing nearly 8000 claimants who were affected by...
FCC $200m Cyber Grant Pilot Opens Applications for Schools and Libraries
US Schools and libraries have until November 1, 2024 to enrol for a three-year program during which participants will receive...