• United States




Make better security buying decisions with use cases

Jun 16, 20173 mins
Enterprise ApplicationsROI and MetricsSecurity

Know your risk, then look to use cases to understand what a security product actually does before you invest in anything

3D collage of financial money charts and icons
Credit: Thinkstock

For new security practitioners, deciding which security products are the best investment can be overwhelming, especially with so many vendors making promises to solve all of your security problems.

Most of us who are new to the job are looking to impress, and in business terms, that means spending wisely. For those who are looking to weed through the ocean of security solutions to find the most applicable product that addresses your business-specific risk while offering the best return on investment (ROI), use cases can be extremely helpful.

Here are some tips from industry leaders on how to make better spending decisions by knowing your internal issues and looking to use cases to help you solve them.

Do a risk assessment

I can’t even attribute this tip to any one professional because it’s just good practice, a necessary step. Without knowing your business- and environment-specific risks, you can’t possibly invest in the right products to mitigate those risks.

“Know the regulations that matter to you,” said Jeannie Warner, security strategist at WhiteHat Security.

Whether it’s PII, Social Security numbers, credit card numbers or intellectual property, any of the data you own requires that you protect it.

Analyze the intelligence

Mischel Kwon, president and CEO of MKACyber, said use cases are important in understanding different types of attacks.

“We have a process that we use in consulting where we start with threat intelligence and intel analysis,” she said. “Vetting and analyzing the TI as it comes into an organization is one of the most important things to do, then you tag the intelligence with a use case scenario.”

From there, you can map use case detection requirement to the specific tools you need for your environment.

Think about internal requirements

Whether a product might be storing your logs offsite without your knowledge or creating issues with web filtering and SSL interception, there is potential that when a new product is introduced, it starts performing functions that are not inline with your internal requirements.

Bilal Khan, global security and network manager at Argo Turboserve Corporation (ATC), said there is a wide range of issues from collecting meta data to indexing your data or not properly vetting your data that can pose privacy concerns.

Make sure your IT staff is up to snuff

If your environment isn’t well manicured, it can be a challenge to get things working together properly. Kwon said you have to make sure your IT staff has the ability to support a capability.

“You have the SOC capability to use a tool, but what you funded for resources doesn’t match what you funded for tools. Tools require skills, and that can be a money pitfall,” she said.

Rely on use cases

Most security products are designed to be really great at addressing certain problems but not others. Itzik Kolter co-founder and CTO at SafeBreach said, “Understanding the use cases for a security product is important to align what the product actually solves with the security issues an enterprise is trying to address.”


Kacy Zurkus is a freelance writer for CSO and has contributed to several other publications including The Parallax, and K12 Tech Decisions. She covers a variety of security and risk topics as well as technology in education, privacy and dating. She has also self-published a memoir, Finding My Way Home: A Memoir about Life, Love, and Family under the pseudonym "C.K. O'Neil."

Zurkus has nearly 20 years experience as a high school teacher on English and holds an MFA in Creative Writing from Lesley University (2011). She earned a Master's in Education from University of Massachusetts (1999) and a BA in English from Regis College (1996). Recently, The University of Southern California invited Zurkus to give a guest lecture on social engineering.

The opinions expressed in this blog are those of Kacy Zurkus and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author