InfoSec Natural Selection - Measuring the VALUE of Security Products presented at AppSecIsrael 2014

by Shay Chen

Summary: It should have been easier to make intelligent choices in 2014, deciding what's right and what's wrong, weeding out the useless from the useful.
However, in reality, the storm of marketing claims, the endless list of trends, and the sheer number of choices caused the exact opposite.
Would you buy a car you can't drive? Would you pay an ISP that doesn't provide you any internet services? Many of us do just that when choosing infosec products.
Furthermore, during infosec product evaluations, the evaluating entity often ignores key aspects that can get them into a WHOLE LOT OF TROUBLE, whether they are a CISO, system operator, integrator or pen-tester.
Some aspects may simply prevent the products from working, while some features in these products, if improperly implemented by the vendor or misused by the user, can cause severe damage to the target organizations and, as a consequence, make the user/vendor accountable, and may even lead to lawsuits.
The presentation will focus on key aspects that the consumer/user should assess prior to selecting information security products (IDS/IPS, WAF, Monitoring Products) or security assessment products (Scanners, Source Code Analysis Tools, Exploitation Suites).