A vendor-independent website directory of security companies and product reviews, launched in early February, aims to guide security product customers -- and resellers -- in their search for the best infosec tools.
The site, Security Scoreboard, is meant to be a service for security executives at midsized companies, according to Boaz Gelbord, founder of the resource and an information security executive at a midsized firm in New York City. Gelbord himself knows first-hand the struggle of finding product and vendor information easily.
"Every time I researched a security challenge, like the players in the DLP or database security space, it was incredibly challenging. There was no directory that really mapped out the market players for you," Gelbord said, adding that customers may often only be able to rely on their VARs for opinions on given solutions.
The site, which launched on Feb. 1, also plans to publish periodic market snapshots of what users are searching for, and what appear to be the most popular technologies and solutions. The site is organized into 30 categories, each containing dozens of providers, including vendors of SIEM, firewalls, email security and UTM. Companies that have a sufficient online presence and a focus on information security can contact the site and add themselves to the directory.
"The real value of the site is that it's vendor neutral. The transparency is the big added value," Gelbord said.
The system isn't foolproof, said the founder, but he stressed the importance of credibility and authentic opinions. If a user has posted a review from an anonymous email address, for example, and it appears to have an unbalanced perspective of a company, the team will follow-up and ask for confirmation that the person has a customer capacity.
Security Scoreboard emphasizes its value to CISOs and IT managers looking to orient themselves in the marketplace, as well as teams that may not have the resources to hire analysts or dedicate teams to internal research. Gelbord, however, asserts that the directory will benefit resellers as well.
"It's absolutely a tool for VARs and will show how successful solutions will be in the marketplace. …They'll know what's out there and what to offer customers," Gelbord said.
Although the site targets security officers and IT managers of midsized companies, solution providers may already have their product choices made up, as resellers have established relationships with particular vendors and may already train their consultants on specific vendor technologies. Jim Kelton, managing principal at Altius Information Technologies Inc., agrees that solution providers may be restricted by their current vendor alliances. Kelton, though, said Security Scoreboard may provide value for resellers interested in emerging technologies.
"The directory might be helpful if we're getting into a new [technology] area that we're not familiar with, and we may want to evaluate and get up to speed on certain products."
Dr. Anton Chuvakin, author of the popular infosec blog "Security Warrior" and security expert in the field of log management and PCI DSS compliance, believes that resellers, consultants and solution providers will receive the same benefits as end users. "Product reviews are one of the most important angles of the site. … If you're a reseller, and you want to know which tool to resell, you might look at a review and see if an IPS is hated by everybody, but this other tool is much more popular."
Announced this week, Chuvakin, along with four other security practitioners and thought leaders, will be part of a Security Advisory board that continually assesses the usefulness of the directory to the security community and helps to structure the site in a way that reflects current trends in the industry.
The site's main appeal, said Chuvakin, will be for those who are looking to find objective research that is not "pay for play."