Every so often, the way security marketeers manipulate words to mislead customers makes me cringe. I’m not going into specifics because that isn’t the point. I just want to clear up some terminology that many security companies misuse, which really makes them look silly.
For example, security companies (who will remain nameless) have talked about how they could have stopped the RSA breach, if only you used their widget, device, god-box and/or holy grail. But this seems to require violation of the space/time continuum. Either that or Dr. Brown is at it again and the DeLorean hit 88 mph. Breaches happen only when data is actually lost. At least that’s how I define a breach. If the attack is not successful, it’s not a breach. It’s just an attack.
Yes, I’m splitting hairs, and maybe these are my own definitions. Maybe we can come up with a standard definition for the term. A breach involves data loss, not the potential for data loss, right? The words matter. I’m a writer, and a big part of the Securosis value proposition is cutting through the crap and telling you what’s real and important. We pride ourselves on vilifying marketing buffoonery, mostly because we all deserve better.
Come to think of it, I also object to the idea that any technology is going to “render the APT useless.” Yes, I took that right off a vendor’s invitation to a webcast. I have to wonder how they do that. Given that persistent attackers are, well, persistent. Maybe the vendor in question could have stopped the specific attack launched against RSA. But I assure you they cannot stop every attack. Therefore, they are not rendering much of anything useless. Except maybe their own credibility.
Having spent quite a while in a VP Marketing role, I understand the game. The vendors need to rise above the noise and create a reason for a prospect to engage. So they manipulate words and don’t say anything that is provably incorrect, but the words sure are misleading. They count on the great unwashed not understanding the difference, and cash the check long before the customer has a chance to realize they just installed modern-day snake oil in their networks, on their endpoints, and in their data centers. We deserve better. Where is the Straight Talk Security Express when you need it? Oh yeah, that didn’t work out to well for Senator McCain either, did it?
Yes I know. I’m tilting at windmills again. Dreaming the impossible dream. Sancho just gave me that “you’re an idiot” look again because this won’t change anything. The marketers will make their technology seem much bigger than it is. The sales folks will promise users that their products will actually solve whatever problem you have today. The customers will smile, write more checks, and wonder why their customer database keeps showing up on grey market sites in Estonia.
It’s the game. I get it. But some days it’s harder to accept than others. This is one of those days. Guess it’s time to get back on my meds.
Photo credit: [Don Quixote and Sancho Panza] originally uploaded by M Kuhn