9 questions you should ask before choosing a security vendor

  /  ICS Security   /  Cybersecurity   /  9 questions you should ask before choosing a security vendor
cybersecurity vendor

9 questions you should ask before choosing a security vendor

There are many companies that provide security products and services for IT and OT environments. Needless to say, selecting the right vendor is key to the success of cybersecurity implementation across the organization. To help you make the ideal choice, here are some questions you might want to consider when evaluating the security vendor options for your organization.

These are the questions you should ask before choosing a security vendor

  • Does the vendor understand IT and OT risk assessment and management?
  • Does the vendor have security and threat experts from the IT, OT and cloud environments?
  • Is the vendor willing to bring in experts where necessary to address specific issues such as ICS?
  • Does the vendor use proven technologies that can work in the IT, OT and cloud environments?
  • Does the vendor have the technologies to deal with threats across the environment?
  • Is the vendor willing to modify and adapt the technologies to deal with evolving threats and challenges in the new converged environment?
  • Does the vendor have a proven history of working and developing new technologies to deal with the evolving technology landscape?
  • Is the vendor willing to help you go through your digital transformation process?
  • Is the vendor going to be around for the next five to 10 years?

How to choose the best security vendor?

Choosing the right vendor is vital to the enforcement of cybersecurity within the enterprise. In doing so, however, organizations need to bear in mind that in the long haul, security is more than just a product — it’s a process. It’s therefore important for organizations to select a security vendor that has a comprehensive understanding of the ins and outs of cybersecurity as it applies to IT/OT convergence as well as the technologies necessary to address the challenges created by the rise of IoT and IIoT, as these applications are generally built with and therefore inherit the lack of security of existing ICS devices. Existing IIoT networks are being augmented with existing ICS devices (without adequate security) to bring in additional data needed for big data analytics. Interconnected devices currently use custom protocols or gateways to get to universal protocols such as OPC Unified Architecture. Unfortunately, the custom protocols or gateways are often developed without sufficient security considerations.

Further reading: IIoT Security Challenges and Vulnerabilities

Key selling points of security vendors

One of the key selling points of IIoT is reachability: integration between the machines and the humans who run them.  Hence, new entry points will need to be introduced into the reference model to achieve increased connectivity objectives. These new capabilities introduce cybersecurity considerations that will need to be addressed.

To learn more about IT/OT Convergence and Cybersecurity, Security Challenges for IIoT, Cybersecurity Framework and Technologies to Consider, download this free whitepaper.


Richard Ku has over 23+ years of hands-on experience working in the hi-tech and security industry in a number of leading roles, as individual contributor and management. Currently served as Sr. Vice President of Product and Services Management for Trend Micro Enterprise and Small Business Foundation Security Product and Services.

Joe Weiss, PE, CISM, CRISC, ISA Fellow, IEEE Senior Member, MD ISA99, is an industry expert on control systems and electronic security of control systems, with more than 40 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI) where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program and, the cyber security for digital control systems.


Post a Comment