Information Security

Defending the digital infrastructure


Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Buying security software: The devil's in the details

When purchasing new security software, be sure to check references and quality controls first. You don't want to be stuck if something goes wrong.

Scrolling through the daily deluge of list postings, I found one that speaks directly to the problem addressed in month's cover story on technical support. The writer is clearly frustrated with his firewall vendor:

"Has anyone else had problems with [vendor's] customer service? Apart from their user Web site being a travesty of a mockery of a joke in usability, I got a stock response, -Your e-mail will be handled in three to five business days,' when I sent them an e-mail asking to sort out a simple problem. I'm a paying customer who can't get access to the software updates, and I'm told it's going to be a week before I get an answer? Good thing it wasn't an emergency."

What if it was an emergency? Most online FAQs and troubleshooting guides are opaque to the point of uselessness. Real troubleshooting is done by trained technicians who roll up their sleeves and get their hands dirty.

Unfortunately, security managers often find that the support they were promised during the sales presentations doesn't live up to their expectations. Information Security discovered this following our June bakeoff of desktop AV products. Readers responded, "What about support? How to the vendors stack up when it comes to resolving my problems?"

When enterprises are buying security software, security vendors always tout their products' features and functions, but invariably use their "superior" support as a differentiator. Support is how vendors say, "This is why we're better: We'll be there when you need us."

And what better security market to test than AV tech support? AV is a commoditized technology that works roughly the same way across all offerings; its usefulness isn't measured by how fast vendors can deliver new signatures, but by how well they resolve interoperability conflicts, malfunctions and unexpected incidents.

Information Security set up a faux company, S&R Pest Control (clever, eh?), and bought software and service contracts from Computer Associates, McAfee, Trend Micro, Sophos and Symantec. We developed scenarios to test their abilities to trouble-shoot and resolve relatively common problems.

As you'll read in "Help!", each vendor provided varying degrees of support, sometimes exceeding expectations and other times leaving us dismally disappointed. On one occasion, a service tech's "solution" left us more vulnerable than we were before we called. And more than a few times, the vendors never fully resolved our issues.

While this article covers only AV companies, the lessons apply to all security vendors. Service should be quick and courteous. Technicians should be knowledgeable in their products and the platforms on which their products run. And they should work with their customers, without complaint, until the problem is resolved to the customer's satisfaction. Long hold times, lackluster technicians and poor advice only serve to undermine enterprises' security.

What can you do to ensure adequate service support? You can check references and even perform your own tests. Probably the best way of motivating good customer support is demanding rebates and discounts as compensation for poor support; this is where strong SLAs come in handy. Of course, dumping a vendor is the ultimate response.

When you dial that toll-free line, expect nothing short of the best service. Vendors will get the point once they start losing a few contracts.

About the author:
Lawrence M. Walsh is executive editor of Information Security.

Article 5 of 9
This was last published in April 2011

Dig Deeper on Risk assessments, metrics and frameworks

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All