Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Part 2: Is an RFP the Best Use of Your Organization’s Resources?

Yesterday I wrote about some common Request for Proposal (RFP) pitfalls we have seen over the years at Trustwave. (part 1)

Trustwave offers a wide range of services — from Managed Detection & Response (MDR), Managed SIEM services from Splunk, Qradar, LogRhythm and Microsoft Sentinel to security testing and complex Red Team engagements, so we‘ve seen numerous styles and approaches in the format and presentation of the requests. 

This writing reawakened an earlier train of thought about changing the security industry’s mindset toward the RFP process. In cybersecurity, a single solution or vendor rarely meets an organization’s needs entirely. While there are naturally varying levels to this sweeping statement when we get to the workshop stage of nearly every engagement, we find the client has matured since the start of the engagement; they’ve had additional discussions and continued to refine their requirements. 

This change means the RFP document started six months ago is no longer relevant—either in part or in its entirety.

For example, during the period the RFP was being written, the business has come to more fully understand their requirements so that the initial list of 42 mandatory items is now down to only five elements. Alternately, a previous requirement that mandated onsite data storage has since been superseded by the cloud-first mantra as a result of the growth in remote employees.

So why do we put ourselves through this process? Is this a bizarre Stockholm Syndrome in which we lay captive wanting to hear a vendor’s strategies or marketing-approved answers that make each sound fabulous with only the best security people in the world? It could be. But I’m pretty sure we can do better.

Improving the RFP Process

There are numerous ways the RFP process can improve. We could even start a think tank and call it The Stockholm Group. As an example, I’ve outlined an alternate method to simplify an organization’s procurement procedure.

  • Select five vendors/service providers your peers have recommended and/or have scored highly in a respected third-party evaluation (e.g., Gartner, Forrester, etc.)
  • Invite them to an introductory call.
  • Present the challenge(s) you would like them to solve 
  • Supply each vendor with the presentation and any other relevant details.
  • Book workshops with each vendor
  • Give them 2 hours to present their solution. 
  • Discern the reality of what they can deliver: This is not simply a sales pitch; you must know the ins and outs of the solution, how it will solve your business need, how it operates within your existing structure, and the responder company’s SLAs around implementation, support, etc.
  • Narrow down the field to two finalists.
  • Schedule a final workshop with each to address any unanswered questions or concerns.
  • Negotiate – don’t skip this part! You will ultimately regret “settling” for a solution or price that wasn’t your intended goal.
  • Sign contracts, start implementation
  • Live happily ever after

Above all, be transparent with the vendors. Tell them why you ultimately opted to go with a competitor and what they could have done differently to win the business. You could potentially influence their future roadmap to consider different capabilities, or at the very least, assure the salesperson that they haven’t completely failed for not securing your business.

The aim of any new approach should be to more efficiently and accurately obtain the necessary information and achieve the outcomes both parties are striving for. This streamlined process can significantly reduce the time from initiating the RFP to implementation and improve the quality of the vendors’ responses.

If you would like to talk to our dedicated RFP team on your current or future RFP plans, feel free to get in touch at mailto:rfphelp@trustwave.com.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo