Sure, but there are SOME that aren't selling snake oil. I'm invested in one of them. But yeah, most are. I guess the interesting question for me is how long does it take for the real wheat to stand out from the chaff.
You might have an amazing product that solves a relevant security issue but Enterprise sales cycles and checkbox driven procurement force you to incorporate half baked features in order to capture the next fad.
Look at the XDR hype train 3 years ago, ZTNA 2 years ago, and the whole CNAPP/CASB/CSPM buzzword BS
Tbf, I am being a bit dramatic about it, but I feel the split persona sales cycles we're forced to deal with incentivizes checkbox driven development.
Such is as it's always been. A few years ago, I worked for a B2B enterprise data security firm. We didn't sell snake oil at all -- but our customers were so used to hearing snake oil salesmen talk that they had very odd demands that didn't improve their security. And in some cases, reduced it.
Dealing with those expectations was always an issue.
Agreed! I was a bit dramatic with the whole "snake oil" statement, but managing buyer expectations and competitive pressures is definetly a grating experience.
So how much would it cost to hire a hacker to breach a system deploying their solution?
I bet you if you asked their VP of engineering: “If I had one skilled hacker and a year, are there any non-trivial customer deployments that could stop me?” The answer would either be a resounding no or they would not be able to point to a single shred of evidence supporting their assertion like a red team exercise with those parameters.
