

Imagine you’ve just purchased a certified used car. As part of due diligence, you take that car into another dealership for a full workup. That dealership tells you that you have $9,000 in repair work before the vehicle should be considered drivable. You return to the dealership that sold you the “lemon” understandably peeved at what appears to be a slimy sale. They encourage you to get a second opinion, which you begrudgingly oblige only to find that they were accurate in their assessment of the vehicle and it only needed some standard upgrades/repairs amounting to no more than $1000. Clearly, the dealership quoting $9,000 in services was just in it for the sale, and didn’t have your best interest in mind.

In the realm of cybersecurity, it’s important to distinguish between sales tools and genuine security measures. One area particularly relevant today is certain discovery/vulnerability scans. Many market these tools as equally valuable for sales and for cybersecurity, so assess how effectively they actually provide robust security before committing to them wholeheartedly.

It’s essential to recognize that certain scans are primarily sales-driven, designed to highlight potential security risks rather than actively assessing vulnerabilities. Claims made by such sales tools should be approached with caution, as their accuracy and reliability may be questionable. Without comprehensive data and reliable references, it becomes challenging to trust the validity of their claims.

When evaluating the effectiveness of security tools, reliable sources and references are vital. Treat reported results that lack logical coherence or fail to align with established cybersecurity practices with skepticism. It’s important to remain grounded and prioritize factual information rather than being swayed by emotional reactions.

Vetting the Tool

Above all, it’s crucial to follow a thorough vetting process. Here are some key steps to help you make an informed assessment:

  1. Research the Provider: Start by researching the provider offering the scan. Look for information about their reputation, expertise, and track record in the cybersecurity industry. Trusted and established companies are more likely to offer reliable and effective security solutions.
  2. Understand the Methodology: Dive into the details of the scan methodology. Gain a clear understanding of how the scan operates, what vulnerabilities or risks it targets, and how it identifies and assesses potential security issues. Look for transparency in the process and ensure it aligns with industry best practices. At the end of the day, there are many ways to skin a cat: a tool is likely testing only for its favorite/preferred method, not every successful method for hardening an environment.
  3. Check for References and Case Studies: Look for references and case studies from reputable sources that have used the scan. Genuine security providers should be able to provide evidence of their effectiveness through documented success stories and satisfied clients. Verify the authenticity of these references and assess their credibility.
  4. Evaluate the Claims: Scrutinize the claims made by the scan provider. Assess whether they align with established cybersecurity knowledge and practices. Claims that seem exaggerated, lack supporting evidence, or contradict widely accepted principles should raise red flags.
  5. Consult with Cybersecurity Professionals: Engage with cybersecurity professionals, like BLOKWORX. Seek their expert opinion and have them review the scan and its findings. Their knowledge and experience can help you differentiate between sales tools and genuine security solutions.
  6. Consider the Overall Security Strategy: Assess how the scan fits into your overall security strategy. Determine whether it complements other security measures and aligns with your organization’s specific needs and goals. A holistic approach to security involves multiple layers of protection, so ensure the scan is part of a comprehensive cybersecurity framework.

By following these steps, you can effectively vet a scan and discern between sales-driven tools and genuine security measures. Prioritize research, evidence, and expert opinions to make an informed decision that aligns with your organization’s security requirements and goals.

Bottom Line: Partner With Those You Trust

It’s essential to have a trusted cybersecurity partner who can help you navigate the various scans and thoroughly analyze their findings. If you’ve been working successfully with a partner like BLOKWORX for years, and they’ve pulled you out of some pretty hot water, and then you get a report from another scan claiming they’re not even performing the basics, you may want to think twice about that report.

If you are a BLOKWORX partner and have received scans from sales-driven tools, we encourage you to share the findings with us for a comprehensive analysis and review before presenting them to your prospects or clients. Our team at BLOKWORX can help you better understand the solutions and separate sales-driven claims from effective security practices. Remember, a proactive and knowledgeable approach to cybersecurity is crucial in safeguarding your digital environment.