This week, I visited the InfoSec Europe 2007 tradeshow in London. I was astounded to see that the show was probably twice as large as last year. Major security vendors held a faster pace and lots of new small vendors had appeared out of nowhere, jumping onto the hot security bandwagon.

Walking the floor, you could easily get lost in the myriad of security offerings - from comprehensive do-it-all security suites, to security audits that advise customers what protection they actually need.

I have been dealing with security for the past 20-years. I hold CISSP (Certified Information Systems Security Professional) accreditation, yet it was still difficult for me to understand what some companies actually offered and why their offering was the one solution you absolutely could not live without. I found myself thinking about those customers who did not have deep security knowledge - how would they navigate the multitude of options to decide which product to buy? Would they know how to define the pros and cons?

I asked myself a lot of questions: Should I, as a customer, listen to my reseller? After all, it is his job to recommend the best solution. But is he not biased toward products in his portfolio? And should I go for a well known brand name? Nobody was ever fired for buying I*M, but is it really the best-of-breed solution?

Big companies are known for their slow adaptation to new technologies - they are usually behind the market. Just look at what happened to anti-virus companies when spyware became a serious issue. People had to purchase dedicated anti-spyware because their anti-virus vendor kept promising solutions which never came.

Should I, as a customer, go for a small and dynamic company that has new, innovative technologies, but which I am sure will be around tomorrow? The security market is converging. The big fish constantly swallow the small ones - and after digestion, they are not always loyal to the customers which have stayed with the old product.

The dilemma is a complicated one, and there are too many parameters in the equation to solve. Thus, I recommend either doing the homework yourself, or consulting an independent security expert who is unbiased because he is not selling you any products. Don't necessary go for the big name - just because they have large booth at the tradeshow and spend a lot of money on marketing, it doesn't mean they are the right choice. If you decide to go with a small company, check their background and their financial stability to make sure they will not go belly-up next week.

However, the most important advice that I can give you is this: take the product for a trial-run before you sign the check. There is nothing like taking a test drive and seeing it in action. You need to make sure that the solution actually does what the vendor promises you, and that it fits your needs. I know what you are thinking: implementing and testing every solution you consider buying is a nightmare for the IT department. Not only that, but unsuccessful tests will eat into their precious time.

I realize that it is not simple to install a security product that you want to test in production. And I know that testing it in a lab will never give you an accurate picture. So, how should you go about selecting a product and testing it, without effecting your infrastructure, your network and your users?

This is an issue some vendors have considered - Aladdin among them. We recently introduced a new tool into our eSafe family product line. This tool can be used to test the effectiveness of our eSafe product with absolutely no effect on your network. It connects to a mirror port of your gateway switch, sniffing all Internet traffic. Wait a few days, and then you can generate reports, actually seeing what eSafe would have blocked if it had been fully deployed in your network. Smart, don't you agree?

So don't wait - deal with the issue today: ask your security vendor if they can provide you with an accurate demonstration - without making changes to your network configurations.

To learn more about Aladdin eSafe, click here.