Security vendors warn of the tricks of the trade

Security experts at the Enterprise Wireless Technology show warn of 'marchitecture', FUD and product spec hype

Many companies selling security products are guilty of hyping their offerings and scaring customers with problems that are often unfounded, said a panel of security experts at the Enterprise Wireless Technology (EWT) trade show in London on Thursday.

A panel of security experts warned IT managers that they must go into their negotiations with security vendors with their eyes very wide open.

"What's amazing it how they will think up a problem and then try and sell you a solution for it," said David Hobson, managing director of Global Secure Systems.

"The FUD (fear, uncertainty and doubt) factor in security is great. They get you scared and then they can add another nought to the end of the bill," said Hobson.

Other panellists agreed that some security companies regularly indulge in 'marchitecture' -- the practice of telling customers that a certain product is more powerful than is actually the case.

Karl Feilder, chief executive of Red-M, cited the practice of publishing different versions of product data sheets in different languages. He said that in the US it's seen as perfectly acceptable to oversell your product's capabilities, which UK companies may see as "not cricket".

"If a UK company sells a device and says it does 100 because it does 100, then a US reader will say 'why does this only do 50?' -- because they're so used to everything being hyped," said Feilder.

Faced with such practices, IT managers may wish to find a reseller that takes the time to thoroughly test the performance of the products they sell.

Hobson has an alternative approach.

"I try to get to know the chief executive or the chairman of the companies whose products we buy. So, if it doesn't work, I can get on the phone to them and kick them," said Hobson.