Security defenses are not merely about encryption, firewalls and antivirus software. Security deterrence goes beyond technology into the realm of psychology and perceptions. Make a target appear to be more secure and attackers will turn their attention elsewhere. What you say is important.\u00a0A case in point of a security company not understanding the power of perception is\u00a0FireEye, which recently launched\u00a0legal action against security research company\u00a0ERNW. ERNW had issued an advisory about some FireEye security holes. But FireEye\u2019s complaint is not that ERNW got its facts wrong.\u00a0FireEye\u2019s concern is that ERNW revealed too many technical details and that the disclosure exposed more of FireEye\u2019s intellectual property than was needed. ERNW disagreed, saying that the specifics had to be revealed to make clear how the vulnerabilities posed a risk.\u00a0If FireEye had been smart, it would have let it end there. But it didn\u2019t, instead suing the company in a German court. FireEye was \u201cnot willing to expose any of the proprietary information that would put our business and customers at risk,\u201d wrote FireEye\u2019s vice president for global communications, Vitor C. De Souza, according to a story in\u00a0CIO. \u201cUnder German law, they were also not allowed to release intellectual property that was not theirs.\u201d\u00a0De Souza\u2019s argument is solid and would be appropriate if made on behalf of an aerospace or pharmaceutical firm. But a security company isn\u2019t like other companies when it comes to the need to protect its intellectual property. It\u2019s that perception thing, and FireEye got tripped up by it.\u00a0FireEye thinks it\u2019s justified to say, \u201cWe will do everything necessary to protect our intellectual property.\u201d But what its customers and prospects hear is a scared security company, freaked out by someone revealing a security hole. That\u2019s bad for a couple of reasons. First, the lawsuit keeps the story of the vulnerabilities in the headlines, making it far more likely that it will pop to the top of search results for FireEye. Second, it sends the message that FireEye wants to shut down or even punish a security researcher who found flaws in its systems. From the perspective of customers and prospects, the security researcher is the hero; FireEye\u2019s move makes it the villain in their eyes. After all, it\u2019s not disputing what the researcher said. FireEye comes off as a company that wants to stifle criticism and keep its flaws secret. It\u2019s not a great way to retain your customers\u2019 confidence in your products.\u00a0FireEye did properly patch the holes and announced that to customers. That was the right thing to do, of course. What it should have done next was to embrace ERNW\u2019s findings, give the researchers all of the credit (remembering that customers view security researchers as the good guys), thank the researchers \u2014 and then shut up. Wise customers don\u2019t expect a complex security product to be perfect, but they do expect the vendor to be ever ready and willing to improve it when its failings become known. Having failed to convince ERNW that it was going to needlessly expose its intellectual property, its next move should have been to go on about its business. That conveys confidence, which customers want in their security vendors. Taking legal action conveys a lack of confidence in its own systems, while making the company appear petty and vindictive. In other words, it projects the worst possible image.\u00a0And it\u2019s not just customers and prospects who will respond to that projected image. Cyberthieves, identity thieves, terrorists and other bad guys will smell the fear and start probing FireEye systems for similar vulnerabilities, guessing that a vendor that is this defensive will likely fix the current hole and little else.And if customers and prospects see that there is rising chatter among the bad guys as they thoroughly probe FireEye, those IT execs are going to get nervous and start looking for a security firm that is less of a target.\u00a0FireEye may have made the right move based on recommendations from Legal, but where the heck was Marketing? They are supposed to be the customer perspective experts.