The Most Important Question to Ask Security Vendors Before Hiring Them



Your customer’s digital experience should never be compromised when under a DDoS attack.

When discussing security solutions with Chief Security Officers (CSOs), one of the most frequent concerns is the false positives rate. A false positive is a mislabeled security alert indicating a threat in the absence of one. Regardless of the benefits security solutions bring to businesses, false positives remain a significant concern that affects your chances of closing a deal or making a sale.

CSOs, IT managers, or security operators are highly concerned about this issue. Every false positive means a legitimate consumer’s access rights to a service or application are denied, causing consumer churn and overhead to the IT staff—every single case must be investigated and cleared, which takes time.

Why Blocking Legitimate Users Used to be Acceptable

Surprisingly, many CSOs and IT managers see nothing wrong with the practice of blocking legitimate users when their applications or data centers are under attack. Traditionally, when a business was under attack, the false-positives concern was waived.

When did blocking legitimate user traffic when under attack become acceptable? The answer is simple: since users’ dependency on technology became more rampant. For the longest time, security vendors have taught enterprises that when under attack, we cannot distinguish attack traffic from legitimate traffic, which made it acceptable to block users. However, with the right technology, we can.


How to Stay Protected When Under Attack

If you have concerns about false positives in peacetime, you should have the same concern when under a DDoS attack. Your consumers do not have visibility into your IT operations, nor do they care whether you are under attack. They want the best service, and they want it all the time, every time. There is no reason for enterprises and businesses to compromise their digital experience because security vendors lack the right technology to protect them.

When meeting with your security provider, the first question should be about their false-positives rate, and the follow-up should be, “What is your false-positives rate when under attack?” If they cannot address this question correctly, your consumers will pay the price.


Ron Meyran

Ron Meyran leads the marketing activities, partner strategy and Go-to-Market plans for Radware’s alliance and application partners. He also works to develop joint solutions that add to the value proposition and help drive sales initiatives designed to increase visibility and lead generation. Mr. Meyran is a security and SDN industry expert who represents Radware at various industry events and training sessions. His thought leadership and opinion pieces have been widely published in leading IT & security industry magazines. He holds a B.Sc. degree in Electrical Engineering from Ben-Gurion University and an MBA from Tel Aviv University.
