The fact that there is no silver bullet for cyber security, but instead every organization needs to work with a variety of vendors, has shaped the common practices of how we purchase security solutions. In many cases, there’s a checklist – we need a firewall, an end-point protection solution, a SIEM, a penetration service, a cloud security solution, and many other types of solutions to cover all of our bases. We review the alternatives in the market, compare their offering and their cost, allocate the available budget accordingly and prioritize. Once an item on the checklist is checked, we move on to the other items.