6. Users don't fully understand the product's capabilities
While IT managers struggle with product flaws and poor customer support from vendors, the vendors themselves are also struggling with user errors and misperceptions that sometimes cause their products to fall short of their potential. One of the chief problems, they say, is that security professionals don't always fully understand what the product can do.
Predictably, experts say, many users overestimate the capabilities of a given security product. "Companies are always looking for a silver bullet," says Slade Griffin, security engineer at Sword and Shield Enterprise Security, a consulting firm that helps corporations deploy a wide array of security technology. "The fact is there's nothing out there that will cover all the bases, so you shouldn't expect too much from any one product."
Interestingly, though, many vendors are also frustrated by customers that set the bar too low. "What I see often is a user that says, 'We had a breach of this type last month, and we want to make it stop,'" says Jason Anderson, vice president of engineering at Lancope, who has served as an executive at other security companies as well. "They make a quick search to find a product that solves that one problem, and they buy it. They don't pay enough attention to the product's broader capabilities."
Another veteran of several security vendors agrees. He tells a story on one of his customers: "A major service provider bought a ton of our [Network Address Translation] boxes, which came with VPN and firewall capabilities," he recalls. "Then [the customer] came back to us months later and said, 'Hey, this would be a great product if you added VPN and firewall [capabilities].' They were so focused on the one function that they didn't even see that it already had the functionality they needed."
Some customers also operate under the mistaken belief that once they've installed a new security product, they're immune to a particular exploit. "Exploits change," Anderson observes. "They evolve. That product might stop a certain type of breach for awhile, but there will be new attacks, and the product will evolve, too."
Bottom line: Find out what a particular product can do before you buy it. Don't expect it to solve all of your problems forever, but if it is capable of multiple functions, consider using as many of them as you can. Misperceptions about a product's capabilities -- expecting too much or too little -- can often lead to dissatisfaction or wasted investment.
