If you work as a security analyst, CISO, CSO, or CTO, you’re likely dealing with a SOC and technology stack that doesn’t fully integrate and requires creative-cobbling so that you can make sense of the huge amount of data threats coming at you, whether from your SIEM or other sources. Security teams have had to become resourceful MacGyvers in this day-and-age, simply to keep up with the ever-changing landscape of cyber-threats. In short, cyber-technology rarely is enough, and it often falls short, leaving huge gaps for security teams to figure out, or causing workarounds to sort through false positives.
Why are cyber-technologies consistently falling short of what the industry needs?
Cyber-technology companies today come in all shapes and sizes. Often, if a startup comes up with a well-received technology, the company is quickly snapped up and folded into a larger conglomerate. Rather than being an advantage to the industry, this often causes further issues and presents interoperability challenges. The huge players in cyber technologies tend to create their products in isolated environments; indeed, many of their engineers have never even worked in a SOC environment. Oftentimes, the sales teams provide the strategy in terms of how the road map should be built for future product iterations, based on what they’re hearing in the field.
This is problematic, for multiple reasons.
Security analysts and the leadership teams overseeing them are the ones who are “in the trenches,” so to speak. They see how threats evolve, and they’re constantly trying to stay one step ahead of the bad actors who are trying to infiltrate their networks. Often, teams are dealing with legacy equipment and are stuck in contracts for technologies that aren’t equipped for current threats. Cyber technology companies are not in the day-to-day mix, and they may not understand how their technologies are helping or hindering the daily hunt. Product road maps may be developed a year before a product rollout, and by the time it’s in the field, the threat environment may have evolved, or other technologies may be filling these gaps. In short, for such a sophisticated field of technology, with AI, machine learning, and new automation technologies emerging, the cyber technology companies are still falling short.
It doesn’t have to be this way: Cyber technology companies can do better
Cyber technology companies are heavily reliant on industry research to help them understand what to develop next: Reports from The Ponemon Institute, custom customer surveys, and Gartner reports are seen as the Gold Standard to understand what technologies are needed. However, these reports are quantitative in nature and generalized because of the huge amounts of company sizes they cover. They are great benchmarks, but they’re only one side of the coin.
If a cyber technology company truly wants to develop products that address pressing industry needs, the most effective technique is for them to hire neutral market research firms that can conduct qualitative research, such as focus groups and in-depth interviews, with security analysts and CISOs. It may seem very “un-tech-like” to use focus groups for product development, but cyber technology companies that have used focus groups have had better success in developing products that are needed and useful, rather than presumed.
An experienced moderator who understands the cyber field can have in-depth conversations with security professionals to understand the full landscape of the SOC and threats facing teams. Using ideation exercises, the moderator can help lead teams through brainstorming solutions, leading to new product road maps. This is a win-win solution, as security experts from the field are listened to and part of the process, rather than simply being seen as gatekeepers for which products to buy or not buy. Cyber technology firms are able to have a neutral party go in and diagnose industry issues, and then be able to see these issues through a new lens, and not simply colored by their knowledge of their products. These findings are then sent to the product teams for new product development.
Good market research requires participation from all sides
Even though we’re flooded with machine learning and various forms of AI, there is simply no substitute for person-to-person conversations and brainstorming. We all want to be listened to, and every security team needs to feel that they can have a hand in customizing technologies based on real-world security threats that they see daily. That’s why market research is especially important in the cyber field. For market research to be successful, it’s contingent on security analysts and security leadership roles to be willing to participate in studies and offer their input. Furthermore, it requires that cyber technology companies make qualitative research an ongoing part of their product development cycle, so that they can ensure they’re getting input from professionals in the field, rather than only relying on industry reports.
Conclusion: Everyone wins when more market research is used in cyber technology development
To wrap up, everyone in the cyber industry benefits when cyber technology companies use qualitative research to help them develop better, more precise technologies. Security teams benefit from having technologies more tailored to their actual environments; cyber security technology firms benefit from building better products that the industry will buy; and consumers benefit from having their data secured with better protection.