Hi! I am Nick Gipson, the Director of Cyber Operations here at Pareto Cyber. This is Part 6 of my 10-Part series on “10 Things I Hate About Cybersecurity: A Love Story” where I dissect the problems within this industry and my personal encounters with them. You can find the other parts of this series here.
The Issue
We’ve talked a lot already about the issues with certain managed security service providers (MSSPs). Yet today I want to point out yet another problem with how some of these cybersecurity vendors do business.
In particular, I would like to discuss the problem with the fact that certain MSSPs force their customers into using specific tools.
This outcome is indirect. The MSSP will not (usually) tell you to ditch your tools. Yet to work with them you will have no other choice, since they will not integrate with products outside of their preferred few.
I understand why this happens.
The company will build an integration for a specific API that some past client has requested from them. As their customer base grows, they begin to get more picky with implementing new integration requests. That strategy makes sense. After all, integrating a new API takes time and effort.
Why It Matters
If there’s no client base for a certain product, why would you invest your time into building it?
Well, I think the pattern here is a little more insidious than may appear at first glance. For a client, encountering a lack of integrations is extremely frustrating. You end up looking for vendors that match your tech stack more than your working style or security needs… neither is particularly good for improving your cyber maturity.
I’ve been on the client side before.
A few years ago, I was working for a division at the Department of Defense (DoD). At some point, the government wanted to hire a new security information management (SIM) vendor.
Our entire environment was built in Linux, so we looked for a provider that could work with it. One vendor seemed particularly good. During negotiations, they assured us that they not only supported Linux but integrated with it quite efficiently.
That was a lie.
Once we signed a contract, the vendor suddenly turned around and informed us that in fact they didn’t work with Linux at all. For whatever reason, the claims they made previously were not true.
After finding this out, the government pulled out of the contract.
In the end, the vendor’s lie wasted everyone’s time and money. The vendor didn’t get paid for the voided contract. We didn’t get the service we needed and had to start the process from scratch.
Why would anyone do this?
What Can We Do?
The solution is quite simple.
The technology to integrate with pretty much every tool in a cybersecurity tech stack is there. The APIs are free. An MSSP can easily implement whatever connection their clients need.
This lack of available integrations is fully due to laziness or poor prioritization. Sure, implementing a new API connection takes time. But as a vendor, you will lose way more time and money by cutting out a huge chunk of your customer base.
For every tool you don’t integrate, you lose every prospect who uses it.
That’s why, at Pareto Cyber, we make sure to stay completely vendor agnostic. If someone signs with us – we will get them all the connections they need.