When a company decides to capture its core principles, it is important to set expectations on how they plan to conduct themselves in their daily actions and behaviors. In the cybersecurity industry there are unsavory tactics used by some vendors when promoting their solutions. These are not tactics we agree with, and that is what led us to to this principle:
Avoid hype, fear, and exaggeration.
In security, it is not uncommon for vendors to use hype, fear, or exaggeration in order to gain attention and win business. As I mentioned in our previous post “Show Respect and Integrity in Everything We Do”, transparent communication and integrity are at the core of everything we do at Stamus Networks. We believe that hype, fear, and exaggeration are inherently dishonest and manipulative, so we strive to avoid them, particularly as marketing and sales tactics.
In this post I’ll walk through each of those tactics and describe the ways in which we avoid them.
Cybersecurity vendors have developed a poor reputation with buyers by overpromising and hyping up the value of emerging technologies without fully delivering when it comes to practical application. For example, we frequently see this tactic applied to machine learning as a universal threat detection mechanism. While machine learning is certainly a powerful tool, it is not the best tool for all applications.
At Stamus Networks, we believe that the right technology needs to be assigned to the right problems. We have chosen not to over-hype machine learning as the ultimate threat detection tool because that would be disingenuous. Instead, we work hard to be realistic and honest about our solutions, the problems they can actually solve, and their limitations.
When a cybersecurity company capitalizes on fear, it usually happens in one of two ways. In the first way, they reach out to prospects soon after an industry peer has suffered a very public breach, offering a solution that could help the prospect avoid a similar fate. Here, they are clearly trying to profit off of an organization's misfortune. This is just wrong. The other way is by more directly selling a fearful narrative. These companies overtly reference potential threats and use statements like, “if you don’t invest in this technology you will be breached”.
The problem with these tactics is that they are incredibly dishonest. Sure, the problems are serious and that is why our industry exists, but exploiting our fear of the problem ultimately diminishes the efficacy and authority of the solution.
At Stamus Networks, we prefer to recognize the seriousness of the problem without playing on the emotions of our prospects to promote our solutions.
The problem of exaggeration has to do with failure to meet expectations or deliver on promises. Many vendors overpromise when it comes to the capabilities of their offering, causing disappointment. When the customer begins using the product, they see that it does not do everything they were led to believe it can do.
At Stamus Networks, we do not take promises lightly. When we state our solution can do something or will do something, you can trust that we mean it.
Hype, fear, and exaggeration are deliberately deceptive tools designed to make your problems look worse and solutions look better. That doesn’t help your network security or SOC teams make the right decisions or work more efficiently. Conversely, if the team knows exactly what threats they are fighting and understand the actual capabilities of their tools, they can more quickly evaluate the situation and create a plan to address it. This is where the real power comes from, and we believe that being clear, transparent – and above all honest – helps security specialists know more, respond sooner, and mitigate risk.
To learn more about why we sat down and developed our core principles, take a look at the introductory blog to this series.