CES 2025: Think Before Relying on Shiny New Solutions

Chris Clements, VP of Solutions Architecture

Oh… Shiny!

At CES this year, we’ll no doubt see dazzling new gadgets, AI-powered everything whether it makes sense or not, and cutting-edge innovations that capture everyone’s imagination. As an unrepentant gadget nerd, I always find CES one of my favorite times of the year, and it’s fun to imagine how amazing it would be to get the latest and greatest 100” roll-up TV, but of course reality always sets in to remind me that there are more, uh, responsible ways to spend my budget. Similarly, in cybersecurity, organizations often get captivated by flashy new solutions – whether it’s the latest AI-powered threat detection, quantum-resistant encryption, or zero-trust architectures.

However, here’s the crucial difference: While buying the latest smart home device or folding phone might lead to at worst some wasted money, neglecting cybersecurity basics in favor of advanced solutions can be catastrophic. It’s like installing a sophisticated smart lock system while leaving your windows wide open.

Consider the Following:

Many major data breaches didn’t result from sophisticated attacks defeating advanced security measures. Instead, they often exploited basic vulnerabilities like:

  • Unpatched systems
  • Weak password policies
  • Lack of multi-factor authentication
  • Poor access management
  • Insufficient security awareness training

The “silver bullet” mentality is particularly dangerous in cybersecurity because it can create a false sense of security. To be fair, it doesn’t help that some cybersecurity vendors make product or service claims that at best are orthogonal to real-world incidents and at worst are laughably overstated in effectiveness. That’s not to say that products or services are useless. Quite the contrary: some, like current-generation EDR tools and 24/7 SOC monitoring in particular, are critical, but they fall into the category of “necessary but not sufficient” to protect an organization by themselves.

Bringing it back to CES, the challenge is understanding whether the new whiz-bang is the equivalent of a dubiously useful “AI-powered charging cable” (dear god, why?) or an actually beneficial smart vacuum cleaner that leverages AI to identify messy doggie-derived items in its path in order to steer clear of running them over. For those not steeped in the cybersecurity industry, this can be a tall order, and finding a trusted partner like a vCISO or other cybersecurity strategy and risk provider can be a godsend at sorting the best from all the rest.

Effort > Currency

Think of it this way: Just as a $5,000 gaming PC won’t make someone a better gamer if they haven’t mastered the basic controls, a sophisticated security solution won’t protect an organization that hasn’t implemented fundamental security practices. The good news is that many of these fundamental practices can be bought with a bit of effort instead of currency:

  • Regular security updates and patch management
  • Proper network segmentation
  • Applying system and application hardening baselines
  • Regular backups
  • Employee security training

Ultimately, cybersecurity is a layered process that includes strategy, configuration, monitoring, and, yes, technology solutions to ensure that you have several lines of defense to remain resilient against today’s latest cyber threats.

What’s your experience with this in your organization? Have you observed similar tendencies to chase new security solutions while potentially overlooking the basics?


About the Author

Chris Clements, CISSP, CCSA, CCSE, CCSE+, CCSI, CCNA, CCNP, MCSE, Network+, A+, began working in the information security field in 2001, and has a wide range of experience with information security technologies including: 

  • Firewalls
  • Intrusion Protection Systems (IPS)
  • Intrusion Detection Systems (IDS)
  • Virtual Private Networking (VPN)
  • Anti-Malware
  • Strong Authentication
  • Disk Encryption

Chris is also an expert in information security design, security compliance, and penetration testing (ethical hacking) techniques such as: 

  • Vulnerability Assessment
  • Man in the Middle Attacks 
  • SQL Injection 
  • Cross Site Scripting 
  • Phishing 
  • Secure Environment Breakouts 
  • Privilege Escalation 
  • Password Interception 
  • Password Cracking 

He has worked to secure hundreds of customers across North America, from Fortune 500 companies with billions in revenue to small businesses with just a few users.  He has developed in-depth security auditing and penetration testing products and service offerings and engaging end-user security awareness programs.  Chris also enjoys teaching and has led courses on information security for hundreds of students.  With his unique skill set and background in both technical operations and business management, Chris has strengths in business management, sales, and product and service delivery.