Recently I decided to re-evaluate my company’s vulnerability scanning options. The problem wasn’t functionality, accuracy, or cost. The problem was service. I was using two vendors: a cloud provider for external scanning, and a company that sold virtual appliances for internal deployment. Over the past few years, one of the vendors had been acquired twice, and over time that vendor’s service became miserable.

Support requests that were once answered directly by an analyst were now routed through low-level technicians who often didn’t have the answer on hand. I understand that a growing security vendor has to cope with scale, but it routinely took 24 hours for a callback. That’s frustrating, particularly if I’m dealing with an emergency.

I also had no idea who my sales rep was. The rep listed in my portal was no longer with the company. In fact, my only reliable contact from the company was an automated e-mail when it was time to renew our annual subscription. Whenever I did manage to get someone on the phone, they pushed multi-year contracts. If I’m already dissatisfied, why would I want a long-term commitment?

Since I was taking the time to shop around, I thought that a unified interface to manage the internal and external scanners would be great to have. It turns out my existing internal scanning provider also had an externally hosted product with new PCI-related features. This seemed like a good place to start.

Unfortunately, the unified management package was priced substantially higher than my existing product. I was also dismayed to learn that the vendor was no longer selling the product directly. Instead, I’d have to go through a distributor that likely knew little about vulnerability scanners.

I weighed other options and called a few vendors. I left voicemails, all of which went unanswered -- just the sort of thing I was trying to escape.

Eventually I decided to renew my subscription with my internal vendor and add their cloud-based perimeter service. I declined the unified management option because of the cost, but at least I’m dealing with just one vendor now rather than two.

The move saves my company a couple of thousand dollars per year, but more important to me, I’m no longer rewarding that other vendor for increasingly lackluster service.

Products need to perform as expected, but service and relationship are important too. Even the most straightforward products occasionally require contact with a human. Some companies seem to have forgotten this -- to their detriment.