Over the last few decades, survey after survey has shown that if IT Administrators had their way, the vast majority of them prefer a hand-picked set of best-of-breed point solutions over bundled suite of tools from one vendor. But sometimes there are organizational obstacles.
In certain scenarios, decision-making groups, procurement, or perhaps a C-level exec, think that buying functionality that is bundled-in with a larger, multiproduct vendor is preferred approach. There are some perceived advantages like less vendors to deal with, the claimed 'integration' in the suite, or perhaps a very competitive price for a feature.
The IT security world is often one of rapid consolidation, buyouts, and mergers as a particular part of the industry matures. What used to be a stand-alone, best-of-breed, product often becomes just one small part of an overall, much larger, product suite.
It can sound tempting to buy an integrated “solution.” Besides paying one invoice and licensing fee, it can mean dealing with one company. Many times, a primary, wanted feature is “given away” as incentive to buy the larger suite of products. “Why buy just that one thing from best-of-breed vendor x when you can package our version of that functionality into your deal with us for just a bit more!” is the product suite sales person’s proposition.
Good question. We wrote a white paper with what we believe is the right answer. You can download it at the bottom of this post and send it to your decision makers to support your business case. Here follows a summary if you need that ammo right now to help you prevent your organization making a mistake that may very well cost you personally a lot of time and could significantly increase your organizations' risk related to social engineering.
So what are the seven factors involved here?
1) Focus
The key differentiator of a stand-alone product is focus. Focus from the developers; focus from management; focus by the entire company on the major objective. It is difficult for a larger company to have the same laser-precise focus on product, customers, and on the specific threats the solution fights as it did when it had a single focus.
In most cases, staff from an acquired company is either reduced and/or their responsibility and objectives expanded to support the goals of the larger company. Even if the staff size remains the same, it becomes just one more line-item on business calls, budgets, and price sheets. Former best-of-breed vendors often become a minimized afterthought; just a me-too checkbox. “Yeah we have that”.
2) Quality
That focus enables us to provide a better, more feature-rich product. When the entire infrastructure and management of a vendor is focused on one objective, that allows for better listening to customers and incorporating that feedback faster into future versions.
If customers are complaining about a bug or missing feature, it becomes a priority. When the entire development team is working on a single “point-solution platform” their experience and common objectives simply allows for a better quality product to emerge. KnowBe4 releases new features monthly, based on both the needs and requests of existing and
new customers. KnowBe4 customer feedback is super important. KnowBe4 is the winner of dozens of independent industry and customer awards.
3) Support
Just as developers have the advantage of working on a single product, so too, does product technical support.
With many large vendors, simply getting the help you need for the product you need can be a frustrating challenge. Compare that to calling a single number and getting routed to a tech support person who can immediately start to answer your question. At KnowBe4, our tech support staff are product specialists who are seasoned experts with the ability to communicate clearly and effectively.
Would you rather spend 10-minutes getting routed through different phone trees or filling out answers to trouble ticket forms or spend your first 10 minutes getting to the help you need?
4) Innovation
Products and services must constantly innovate to meet your ever-evolving set of requirements or they become obsolete. KnowBe4’s single-market focus helps us to listen to your needs and to innovate quickly. Many new features and/or feature expansions are added every month. Our developers aren’t competing with other internal product teams to see which team gets the focus and right resources. Our resources are 100% focused on driving innovation in one product class. Simply put, focused companies are able to out-innovate companies that have less focus.
The sad truth is that we’ve seen several once-leading security awareness vendors enter immediate downward spirals soon after being acquired. The lack of continued product investment and innovation hurts their product and, worse, their customers. So, these watered-down products are often bundled or “thrown-in” to secure other lucrative deals that didn’t have security awareness in scope. Let’s face it, if your goal is to prevent a cyberattack that could bring crippling brand damage, along with tremendous financial loss, a neglected, discounted, “thrown-in” product should not be considered.
5) Competitive Objectives
Some security awareness training vendors also sell email gateways which are put in place to filter social engineering and phishing attacks. So far, to date, no defensive anti-phishing product (or even collection of products) has ever been 100% successful in stopping all malicious emails, meaning you need a very strong last line of defense...your users.
Any secure email gateway vendor who also sells phishing simulations is working against themselves at some point. They are implicitly admitting that their gateway can’t be 100% effective, and yet they generally don’t fully enable customers to proactively test employees on the types of scenarios that are most likely to slip past their own technical defenses. This leads to a false sense of security. Sometimes the only actual “testing” of an employee is done by real-world phishing scams that were not blocked by the email gateway, The last thing you need...
6) Disjointed Integration
If you buy a product suite, that vendor is supposed to provide you with a common admin console so that the learning curve in one product or feature set can be more easily used in another. Sadly, we have all seen many times that claimed integration is often disappointing or even non-existent.
Instead of a single, seamless pane-of-glass, the 'integrated' products are often a confusion of disjointed interfaces and admin consoles. Sometimes the only integration is the product name; the promised integration is often only the barest effort to integrate the smaller product into the suite.
Sometimes the supposed integration is so bad that it actually complicates the product even more and makes it harder to use than if the two products existed separately. The Internet is full of previously satisfied customers lamenting the product’s demise and lack of focus after the lackluster, over-promised, integration.
7) Cost
The most common selling point for buying an integrated product is the supposed lower cost (or even “free” price) of the wanted feature as compared to its stand-alone, best-of-breed competitor. Remember, you get what you pay for.
The buyer is often getting a larger, but mostly unwanted, feature set as part of a higher-cost bundle. Unfortunately, the only valid reason should be true reduction of risk. Most integrated products simply are not as good and robust as their stand-alone competitors. It’s a matter of focus. Will an inferior product reduce risk as well as a best-of-breed product? No.
Today, cybersecurity risk reduction means preventing downtime caused by data breaches, ransomware infections, and intellectual property theft. A single cybersecurity incident can compromise the whole enterprise, result in operational interruption, and long-term reputation damage. The cost of buying an inferior product is almost always higher risk (or lower risk reduction) as compared to a better product.
We all know that cost isn’t just purchase price. In the case of security awareness training, a superior product simply reduces risk better and faster, and demonstrably so. And investing in a superior security awareness and training product demonstrates to your customers that you are investing in your employees to ensure that they are at the highest level of readiness to protect and defend your partnership.
That’s the kind of assurance that builds brands and loyalty, (and in many cases saves a lot of IT admin time as well). In the end, KnowBe4 could not think of a computer security product which had been acquired by a larger company to be included in a larger suite of products that thrived and innovated like it had before the acquisition. But we can come up with many examples of the opposite, where acquired products weakened and often faded into obscurity, no longer able to meet the needs of its previous customers.
While not every competitive situation can be answered with a blanket “yes” or “no” answer, it rarely makes sense to buy a lesser, “full-suite vendor” offering as compared to a stronger, standalone, higher quality, best-of breed, product. At KnowBe4, we know our focus and commitment gives you a fantastic product with superior risk reduction and performance for a no-brainer price.
Here is the link to your white paper
https://info.knowbe4.com/wp-stand-alone-product-versus-product-suite