<— Back

If The Hype Doesn’t Kill You, Flawed or Missing Analysis Will

Many vendors like to use dazzling terms that describe the same technology their competitors have and/or are doing the same thing that their competitors do. As an analogy, one company that sells bottled water calls theirs pure while another says purified. The one that wants to dazzle with science will talk about how “we’ve combined 2 sets of hydrogen atoms with one oxygen molecule having the specific atomic weight of 8 in order to create the purest water that is scientifically attainable. Or, my favorite, “Now with twice as much hydrogen as oxygen.” The last one actually was on a billboard, albeit deliberately humorous.

When testing security products, the quality of the hype doesn’t cut it. The quality of protection is king. But deciding on a solution requires more than beautiful numbers. If one product protects against 100% of the attacks against it, while another scores 94%. Which product is best? What about the ones scoring better or worse than 94%? The answer is that you don’t have enough data to reach a logical decision. For example, in some cases regulatory compliance requirements must prioritized. If a product must be “accredited” as providing PCI DSS requirements, then non-accredited products are not viable solutions, regardless of quality. There are a variety of considerations that must be evaluated alone and in conjunction with each other. In this presentation we will provide anti-hype information designed to help IT practitioners improve the quality and comprehensiveness of their analysis of the results of security product test data, regardless of what test organization is providing results. Data doesn’t lie, but numbers laugh at those who make purchase decisions based on data without analysis.