Message to Vendors: Drop the Mind Games

[kwalker2 () gte net]

http://www.computerworld.com/cwi/Printer_Friendly_Version/0,1212,NAV63_STO61587-,00.html

(I would like a squeezy key chain... :)

Message to Vendors: Drop the Mind Games

Trinkets and tricky sales techniques won't impress - how about products 
that work as advertised?

By Vince Tuesday
(Jun. 25, 2001) I have a competent security team that deals with a wide 
range of situations, but there's one task that sends a shiver down my team 
members' spines: a cold call from a security product salesperson. They pass 
these calls along to me as fast as they can.
As a large financial institution, my company is an ideal target for such 
calls. We have a big budget and a well-known name that, if associated with 
their products, would help security vendors sell to other financial 
institutions. We are also a bit of a hassle for vendors to sell to - we 
have a long-term security plan and rigorous evaluation criteria, so we 
don't generally select products based on cold calls.

THISWEEK'SGLOSSARY

Neurolinguistic programming (NLP): This is a sales psychology fad that 
involves reaching consensus by mirroring the actions of your prospective 
customer. The technique is meant to convince the customer that you share 
the same attitude because you share the same body language.
Host-based firewalls: These systems provide the same controls as firewall 
gateways but reside on the actual machine to be protected, rather than on 
the edge of the network. They're useful for home users and companies that 
don't trust users within their networks.

I hope these people will someday learn what a security manager really 
wants. In the meantime, here are a few tricks to beware of that salespeople 
have tried on my organization, and some responses security managers can try.

Challenge and Response

Don't get me wrong. I get on well with those few sales teams that bother to 
learn what I'm looking for and don't hassle me when they don't have the 
right product or service. But many use obvious tricks when a little honesty 
and patience would advance both our causes considerably.

I don't know who trains sales teams, but one trick that really doesn't work 
is neurolinguistic programming (NLP), or body-language mirroring.

Once you catch on that a salesman is using NLP, you can have a bit of fun 
with him. When someone on my team spots a salesman trying this trick, the 
spotter gives a previously agreed-upon signal, asking a specific question 
to let everyone know the games have begun. We try to work the salesman into 
the most unusual position or to get him to carry out the most ridiculous 
action.

It starts simply. For example, I might lean forward and then back, or hook 
one arm over my head. With each silly position, if the salesman copies me, 
I push it further. I've not yet gotten one to stand on the table, but I can 
hope.

Another common trick that salespeople use is to continually repeat our 
names: "So, Vince, are you interested in buying an intrusion detection 
system, Vince?" I think this is meant to make me feel friendly, and I 
suppose they might think the technique is working when I reply in kind 
with, "Well, Dave, I can see, Dave, that your product, Dave, is good, but 
it isn't, Dave, for us, Dave."

If they don't use cheap psychological tricks, they use blatant bribery. 
Like everyone else, we get free mouse pads, T-shirts and stress balls. We 
also collect more unusual freebies. We have those little curved mirrors 
that you stick to the corner of your monitor so you can subtly look over 
your shoulder. We like them so much that they have become a major component 
of our user awareness campaign, and we've put little slogans on them.

The oddest thing we have ever received has since become our team mascot, on 
proud display in our office. We were evaluating host-based firewalls. The 
technology was developed primarily for home users, so they can protect 
themselves from attacks while dialed in to a network. We wanted similar 
technology to let us divide our networks into logically distinct 
compartments without having to add filters at the switch or router level. 
So we were looking for a system that had the same technology as the 
home-based systems but allows centralized management and reporting.

One company we approached was Lichtenfels, Germany-based Biodata 
Information Technology AG. Biodata's Sphinx PC Firewall isn't suited to our 
needs, since it isn't aimed at multiple-machine organizations. But the 
company hopes to include the firewall technology in a more 
corporate-focused product later this year, so it sent us a copy for review.

What's this got to do with freebies? Right on the front of the box, it says 
in bold letters, "Now, with free squeezy key chain!" with a huge arrow 
pointing to the top right of the box, where a key-chain sphinx is proudly 
displayed.

I can't imagine what goes through a retail customer's mind when he selects 
a firewall product. Would you buy software for your home machine because it 
came with a free key chain?

But the squeezy is no ordinary key chain. When you squeeze it, bright green 
gunk bulges from its eyes and mouth. I don't know why, but I find it 
strangely compelling. If you've been given something weirder to try to 
persuade you to buy a product, let me know in the Security Manager's 
Journal forum.

An Offer You Can't Refuse

Recently, one company used a hook that I couldn't resist. I've mentioned 
before that we have looked at outsourcing parts of our security 
infrastructure where it makes sense, and one good area for outsourcing was 
external e-mail antivirus scanning.

We use MIMEsweeper from Dublin-based Baltimore Technologies PLC for gateway 
protection. As an alternative, there are products that offer an outsourced 
scan of all Internet e-mail before it's delivered by sending it via the 
outsourcing company's mail servers for checking.

U.K.-based managed service provider MessageLabs Ltd. has always stood out 
in this field with its comprehensive published data, including real-time 
mapping of the global spread of viruses. Now the company's pulled a very 
clever offer out of its hat.

MessageLabs' contract guarantees that users of its service won't receive 
viruses. If a virus slips through, the company says it will give you your 
money back. Any security company that puts its money where its hype is 
should be rewarded with plenty of business. Do any other companies want to 
step up to the mark and start offering the same deal?
 


ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.