Jul 24, 2023
Introducing the Swimlane ARMOR Assessment
Read More
Are you someone who tends to opt for the cheaper, less-premium version of a product even when it might require more frequent repair or even replacement? Do you ever find yourself drawn to the convenience of the quick fix, even if it fails to meet your long-term expectations? Do you prioritize immediate pocketbook savings over long-term investments that promise better performance, durability, and value?
This is the “Good Enough” effect, and while I’ve certainly made concessions in my lifetime, there are some clear-cut examples where I never settle:
- Toilet paper: This one should be obvious.
- Ice cream: Ampersand (it’s a Fresno thing).
- WiFi/Internet Service: The life-line of our existence.
- Shoes: The knees and back will thank you (and they need to look good).
- Winter coat: Think “polar vortex.”
- Roofing/roof repair: The crew should never have to come back.
- Pickleball paddle: It’s all Joola Ben Johns right now, but ask me next week.
I could go on and on…but the truth is we live in a world where we’re inundated with choices. The temptation to choose “good enough” products and services over premium alternatives is a challenge we’ve all faced at one point. From the consumer electronics that keep us connected, to the appliances that make our homes more comfortable, settling for the average can seem like a pragmatic decision. However, the true cost of good enough is far greater than it appears, particularly when we consider the long-term implications of our choices.
The Premium Difference
Premium products distinguish themselves not just through superior performance but through their longevity, advanced features, and often, a more satisfying user experience. They’re not only designed to meet today’s needs, but tomorrow’s challenges. This foresight into design and functionality means premium products often provide greater value over time, proving to be more cost-effective in the long run.
In cybersecurity, the distinction between good enough and premium comes into focus, where we’ve reached a perfect storm: An overabundance of vendors, a persistent and well-documented talent shortage, and an overload of alerts and data that need to be analyzed.
The current challenges in cybersecurity demand solutions that are not just quick to orchestrate, detect, and respond, but are more proactive and capable of neutralizing threats before the costly damage is done. This is why the interest and excitement around security automation technology, and to a certain degree AI-enabled automation, is at an all-time high.
A New CISO Mindset: Never Settle
Today’s cyber chiefs and CISOs are operating under a magnifying glass, with the weight of increasing job stress, board pressure, and the very real risk of job loss looming over every decision. Recent studies suggest military personnel, urologists and ironworkers have stressful jobs, but how can cybersecurity jobs not be among the top?
The stakes for protecting the organization have never been greater. Security leaders not only battle a relentless tide of sophisticated threats but also grapple with the challenge of conveying the importance and urgency of the budget needed to support the effort.
But here’s an important question. As a security leader, why would you ever compromise with a technology that is so integral to the very fabric of the entire security ecosystem? I’m sure no security leader wants to make concessions for any investment in a technology or service (and any leader would likely never admit they did anyway), but the impact automation can have on the actual job function of cybersecurity can be transformational.
So when it comes to security automation choices, there are three core areas where cyber chiefs might be tempted to “settle” for never good enough automation:
- Legacy SOAR
- XDR/SIEM bundled automation
- No-code security automation start-ups
Let’s break each category down.
Legacy Security Orchestration, Automation and Response (SOAR)
These are tools and technologies offered by large cybersecurity vendors such as Palo Alto Networks, Splunk (Cisco), and Google Chronicle. While these are recognized names in the market, automation was never a core specialty for any of these vendors. Each company acquired technology to enter the market. Now, innovation has waned, support has moved overseas, and SOAR is often packaged with larger enterprise license agreements (ELAs), and in some cases, completely rebranded as part of some other acronym-based offering.
XDR and SIEM Automation
These two segments are different, yet somewhat similar. Extended Detection and Response (XDR) is based primarily on endpoint protection technology and is commonly associated with companies like CrowdStrike, SentinelOne, Trellix, Microsoft, and many more.
In contrast, Security Information and Event Management (SIEM) is all about aggregating lots of data and lots of alerts from applications, the network, endpoints, and cloud environments. SIEM products include IBM Qradar, LogRhythm, Elastic, Exabeam, and are even offered from some of the vendors mentioned above.
One might argue these segments are doing their very best to converge, and while each has very different technology characteristics, they are similar in having zero specialization in automation. Yet, these companies try to convince buyers that their rudimentary capabilities to automate certain XDR and SIEM tasks (like SIEM triage) are all that’s needed..
No-Code Automation Start-ups
Smaller, newer entrants to the automation market include up-and-coming vendors like Torq, Tines and BlinkOps, to name a few. These vendors typically gain early attention from buyers with a low entry price point and limited SOC use cases capabilities. And what’s interesting, is some of these vendors don’t even support the phishing use case, and in another case, some will only do phishing. These vendors often splash a fancy user interface in front of you touting ease-of-use, but end up lacking robustness in security case management, integrations, and overall enterprise-scale when it comes to automation (what might be referred to as “carrier-class” in the networking world).
Never Settle for Less: Swimlane Turbine
At Swimlane, we’ve seen countless customers who have taken the “good enough” bait, and now we’re kicking off a new campaign that shines a spotlight directly on the gaps and ineffectiveness of these good enough security automation options. This is more than marketing snake oil, but a movement to debunk the vendor noise that certain automation offerings will suffice for today’s security operations (SecOps) requirements… and more importantly, YOUR requirements.
By highlighting the advanced and unparalleled capabilities offered by a premium solution, this initiative seeks to drive home the message that in the realm of cybersecurity automation, only “the best” is good enough to meet the challenges of an increasingly tested SecOps organization. And by the way, this doesn’t mean premium is expensive. It’s about fair pricing that aligns with value.
Ditch the “Good Enough” Mentality
Therefore, I pose the question once more, but a bit differently: Do you want to save a quick dollar, pound, or Euro, or do you want to save your job?
The allure of settling for “good enough” products is understandable in a world where immediate cost and convenience often overshadow long-term considerations. However, when it comes to automating cybersecurity automation, the true cost of such compromises becomes undeniable.
You want experience.
You want expertise.
You want dedicated support.
You want limitless scalability.
You want deployment flexibility.
You want a partner you can trust.
Opting for anything less than premium in this market is a risk no pro can afford. Just as we seek the best in items that enrich our personal lives, we must demand excellence in the technologies that protect our businesses, and our careers. “Good enough” will never be an option when the stakes are high, and embracing mediocrity is a luxury this market cannot afford.
Never settle.
