Aside from their products being used to protect millions of consumers and businesses, vendors help law enforcement by sharing threat intelligence and taking down criminal infrastructure (like botnets). Research teams give fresh insight on new and old malware through publications like these, and their own blogs.
They provide free tech, like free decryption tools against ransomware, and have researchers disclosing vulnerabilities responsibly. They provide world-class training through bodies like SANS and ISC2, or contribute to OWASP.
Jennifer Stephens is CEO at security consultancy IoActive, which has developed a fine reputation for disclosing vulnerabilities, especially with connected cars. She stresses the importance of corporate responsibility.
“One hundred percent of our revenue is from the security services we deliver, but we also conduct thousands of hours of research a year that we do entirely on our own dime.
“The output of our research alerts consumers to security risks and provides vendors information that enables them to make their products more secure, whether they choose to work with us to do so or not.” She added that the firm’s Advisory Services practice provides strategic guidance on how to continually improve the organization’s security posture “long after our engagement is done.”
“Finally, many members of our team are prolific speakers, writers, bloggers and advisers that give free talks around the country, participate in or lead security chapters or projects within their communities or associations.”
Marcin Kleczynski, co-founder and CEO of Malwarebytes, said in an email to CSO that its focus is beyond just technology.
“Our entire company is dedicated to protecting consumers and businesses from the most dangerous cyber threats, but effective protection against these threats often necessitates far more than technology solutions.
“So, our Malwarebytes Labs team works hard to discover and educate the public on the latest dangerous exploits and attack methods, documenting them on our blog with advice for how consumers and businesses can best navigate the threat landscape. We have even gone as far as working with law enforcement to shut down some tech support scammers and cyber criminals using our labs research.”
Collaboration with law enforcement is becoming more commonplace; in July, the Dutch National Police, Europol, Intel Security and Kaspersky Lab joined forces to launch an initiative called No More Ransom, to spread the word about the threat of ransomware, while May saw Europol and F-Secure sign a memorandum of understanding to share cyber-crime information.
Late last year, the FBI, Interpol, Microsoft and ESET partnered to take down the infrastructure behind the Dorkbot botnet, which infected 1 million computers with malware.
Do some vendors spread FUD and sell ‘snake oil’?
For all its notable efforts, the vendor community does often receive criticism for spreading fear around the security threat in the hope of selling more products.