
URL: https://www.darkreading.com/vulnerabilities-threats/the-industrywide-consequences-of-making-security-products-inaccessible
Commentary



THE INDUSTRYWIDE CONSEQUENCES OF MAKING SECURITY PRODUCTS INACCESSIBLE

Accessibility won't solve all of the industry's problems, but it can help tackle
a few.
Ross Haleliuk
Product Leader and Head of Product, LimaCharlie
May 10, 2023


When you look at the cybersecurity vendor market, it's hard not to notice that
most vendors don't make their products easy to access, requiring prospects to
attend a series of demos, sign multiyear contracts, and commit to a minimum
spend, a minimum number of endpoints, or some combination of these. This
behavior of cybersecurity companies has several far-reaching consequences.




GATED SECURITY PRODUCTS PERPETUATE THE SECURITY TALENT SHORTAGE

The sales model in the cybersecurity industry that forces practitioners to
"qualify" by meeting the minimum spend requirements and signing long-term
contracts is perpetuating the talent shortage. Entry-level professionals are
effectively denied the opportunity to learn to use tools they need to get a
job, such as endpoint detection and response, identity management, asset
management, security automation, orchestration, and others that have become
ubiquitous across the industry. This creates a vicious catch-22: Unless you have
experience using product X, you can't get hired, and you can't get experience
with the tool unless you're already in the industry.

Today, eager young people can start a career in offensive security by watching
videos on YouTube, participating in one of the thousands of capture-the-flag
(CTF) competitions, or taking part in bug bounty contests. However, to
accumulate the skills needed for them to get hired on a blue team, they require
access to tooling that is not by any means accessible.


GATING SECURITY PRODUCTS LEADS TO EXCLUSION AND HARMS DIVERSITY EFFORTS

Restricting access to security products creates situations where people from
underrepresented groups are not able to easily catch up with their more
fortunate peers who are already employed by enterprises with access to the
latest tooling. In other words, companies publicly championing their efforts to
increase diversity and get more people from underrepresented groups in the
industry are actually making it harder for the same people to get into
cybersecurity.



It's not uncommon to see motivated and driven people from underrepresented
backgrounds spend their free time studying and trying to level up their skills
so they can move up the career ladder. While scholarships and grants are
certainly helpful, what can be even more impactful is giving them access to
tools they need to learn to develop new skills, build résumés, and get hired or
promoted.




INACCESSIBLE SECURITY PRODUCTS MAKE IT HARD TO DEFEND SMALL BUSINESSES

I have met many security professionals who are interested in starting their own
services business — be it an incident response firm or a managed security
service provider (MSSP). The problem is that for an aspiring entrepreneur,
getting started is hard: Not only is the market incredibly competitive, but it's
difficult to access the tools needed to get everything set up.

We like to talk about the fact that small and medium-sized businesses (SMBs)
become victims of cybercrime because they don't know much about cybersecurity
and where to get started with hardening their security posture. Large security
firms typically ignore SMBs, as they are, by definition, small, and not as
attractive as a business opportunity: They need a lot, but pay a little. This is
where SMB-focused service providers can come in.



There are many security professionals with a strong desire to do their own thing
and an ability to help companies in their area. The problem is that to access an
endpoint detection and response (EDR), asset management, or cloud security
posture management solution, they are required to sign multiyear agreements and
predict and even commit to minimum spending. For obvious reasons, asking someone
who hasn't even proven they can make the model work for a multiyear commitment
is not reasonable. Unless the people trying to get started have enough knowledge
to leverage open source, they are typically out of luck and have to give up
their ideas before even trying.


LOOKING INTO THE FUTURE

We have seen a lot of progress in the past few years to promote cyber defense:
There are more communities for security practitioners, more blue-team-focused
events, and more defense-centric capture the flags. We are also seeing the rise
of open source in the industry, and a growing number of security vendors
starting to open up access to their products. We refer to this approach as
product-led growth. These changes are great, and we need more of them.

It seems like most security vendors today create thought leadership content
about how bad the talent shortage is for the industry, yet few are making it
easy for people to become job ready by learning how to use their tools. The
real-life impact of gated products on the careers of aspiring security
professionals is significant. The same is true about the problem of securing
SMBs.

Making cybersecurity products more accessible won't solve all problems in the
industry, but it will help us tackle a few of them, and hence, it is well worth
doing.
