SMB cyber security: we feel your pain – RSA day two

Day two of the show, and we ask vendors and participants what the pain points are for Small and Medium Businesses (SMB), especially in the category from 25 to 250 member organizations, even narrowing that to 100 employees or less. It seems this sector is largely missed by the large vendors on the show floor with their amazing 40 Gigabit offerings capable of near realtime security analysis at blinding speeds in a carrier-class deployment. But how many organizations closer in size to the startup end of the spectrum have that kind of budget – or need? SMB’s may need something a little more down to earth, where bottom line costs are a major factor in the equation.

So in the SMB segment we queried a smattering of participants, and here’s what we found they were interested in:

1. Dirt simple, yet effective: SMB’s want something that’s dirt simple to deploy. They don’t want a solution that requires hiring new staff to operate, even if it may be the slickest new network appliance. There just aren’t the personnel available, especially after adding in the training time to get them up to speed on something new, along with understanding the potential complexities of something custom, like a source-compiled Snort IPS with bleeding edge rules and sorting through potentially huge noisy log files while tuning accordingly until you get results. There just aren’t the resources, so SMB’s want something they can just turn it on and it works. It may not work quite as well as the bleeding edge tricked out handbuilt box for their particular scenario, but they don’t want to have to think about it, it just has to “just work.”

2. Qualified help built in: Many companies are offering a cloud component to their service, where you buy a box, but some of the work is offloaded either to a cloud offering managed remotely, or as a pure service oriented offering. This edges more toward the “IT as a commodity” side of things, but there may be more than just a cost issue involved. This follows a line of thought where a single vendor might have core experience in areas you may not, and if you use them, you’d have a fixed cost that you could manage with no surprises, which sounds tempting. Also, if there are sudden security problems that surface, like a breach, you may have help on call without trying to find a super-expert at the spur of the moment, which is sure to cost dearly, especially one with the highly specialized experience you may need during a breach. And would you know who to call in that situation anyway?

3. A vendor who knows what you do: One that actively participates, or is interested in helping and understanding your organization’s needs. This may not mean they are intimately familiar with all aspects of your daily operations, but it means they understand your business well enough to help you step through various pain points by caring enough and being engaged enough to offer relevant, timely and helpful information that’s more than just reading a brochure and guessing. While small businesses can just Google an issue, it’s hard to beat having a “technical sounding board” that you can run concepts by, especially if they have more experience in a particular business segment you may not be especially familiar with. If they can steer you away from murky waters before you embark – so much the better. SMB’s don’t mind helpful information from someone who’s knowledgeable about their situation, they mind irrelevant wastes of time from under-informed cold calls looking for a quick sale without any depth of knowledge or value added for you.

To that end, we ask you, the SMB, to drop us a line at and let us know what we can improve as a vendor in the security space to add value to your SMB…how can we help your situation? We are preparing for launch of an upcoming product that (hopefully) includes some of the items from the top of your wishlist, but want to know how we can better serve you. After all, much of our success thus far has come from meeting your needs, and we would hope to continue that in the future.

Author , ESET

Follow us

Copyright © 2017 ESET, All Rights Reserved.