@GossiTheDog I feel like lots of security products suffer from the "tiger repellent stone" problem: The product working is marked by the absence of incidents, and it's near impossible to say whether or not a specific measure does much, especially when there is a commercial interest involved to make it look like it does something.

That commercial disincentive usually means I trust an internal security team much more than a product that is for sale.

@sophieschmieg @GossiTheDog

Also, even for things that are beneficial, there are incentives to make them appear more beneficial, potentially at the expense of actual benefit (cf. various dashboards and extraneous-but-flashy functionality).

Do you think such incentives don't apply to internal security teams, or that they are (relatively) much weaker?

@robryk @GossiTheDog they definitely still apply internally; everybody has an incentive to not get fired, after all. But they are in my experience generally weaker, as people collect a paycheck more or less independently of their work.
Of course, this also requires the internal security team to be trusted and have the necessary resources to do their work, but in general, they are much less likely to try to sell you something than an external vendor.
