Continuously Validate Security to Maximize the Value of Your InvestmentsUnlocking The Five Steps to Proper Security Validation
When companies make significant investments in security controls, they assume they are well protected against the latest cyber threats. Unfortunately, as we see day after day, this couldn't be further from the truth. The harsh reality is that most organizations are likely to be breached...or already have been but they don't know it.
According to the Mandiant Security Effectiveness Report 2020, A Deep Dive Into Cyber Reality, which is based on testing conducted by the Mandiant Security Instrumentation Platform, just over half of organizations tested were unaware that an attack was executing in their environment, and more than two-thirds of attacks executed were not prevented. This is because companies have a false sense of their security posture when in fact:
- their security tools are not properly configured;
- their IT environment is overly complicated and continuously changing;
- they are not properly testing effectiveness to validate performance.
Security validation has become an urgent and critical need for companies around the globe as a way to better defend against the rising tide of cyber-attacks, data breaches and other forms of malicious threats in order to sustain, if not improve, operational performance.
In the current high-risk environment with increasing numbers of phishing and ransomware attacks, larger remote workforces and gaps in security protocols, companies need to ensure their investments are delivering maximum value. Security validation has become an urgent and critical need for companies around the globe as a way to better defend against the rising tide of cyber-attacks, data breaches and other forms of malicious threats in order to sustain, if not improve, operational performance.
The 2020 Security Effectiveness Report shares our findings from an evaluation of 100+ enterprise production environments globally across every major vertical. As stated above, many organizations incorrectly assume that their networks and assets are continuously protected, despite the growing number of threats and attacks.
The report also identifies the following areas as the biggest challenges for organizations to address:
- Reconnaissance: 54% of the time, CISOs did not know that their environment was successfully being profiled
- Infiltrations & Ransomware: 68% of the time, CISOs were unaware that ransomware could be effectively deployed within their environment
- Policy Evasion: 65% of the time, CISOs were unaware that an attack could bypass their defenses
- Malicious File Transfer: 48% of the time, CISOs were unaware that malicious file transfer was taking place within the network
- Command & Control: 97% of command and control alerts didn't make it to the SIEM
- Data Exfiltration: 67% of the time, CISOs did not have visibility into the data loss taking place within their environment
Continuously Prove Security Effectiveness to Protect Critical Assets and Brand Value
Given the statistics outlined above, it's critical that CISOs and CFOs are able to validate performance of their security investments. Validation is about aligning a cyber security program to the security stack with desired business outcomes - such as cutting costs, reducing risk and protecting the brand, particularly when measured against the threats most likely to target the company. It's also about measuring the effectiveness of a security program across technology, people, and processes to determine if an organization is getting expected value from their security spend.
The real value of security validation comes not from a one-off look at performance of the organization's security controls or program, but through automated and continuous monitoring and measurement so that changes to the IT environment won't have an adverse impact on the performance and effectiveness of security controls in place.
Proper execution requires a five-step process through which IT leaders must prioritize, measure, optimize, rationalize and monitor the security stack on an ongoing basis. As a result, CISOs and business leadership gain a realistic picture of where the company is at in relation to its risk tolerance, and understand where vulnerabilities exist and how to optimize tools to better defend against and respond to attacks. Also, by integrating and operationalizing threat intelligence, security validation reveals how a company is defending itself against known threats and bad actors - particularly those that the organization is most susceptible to.
Measuring cyber security effectiveness is a continuous process - it requires empiric evidence to specifically identify the gaps and how to address them, and improve people, process and technology. To do it successfully, the right technology tools are critical - like the Mandiant Security Instrumentation Platform, which removes assumptions by conducting real attacks and delivering measurable results that companies can use to optimize and validate their security programs.
Interested in learning how you can prioritize, measure, optimize, rationalize and monitor your security investments against current and actual attacks? Download a full copy of the Mandiant Security Effectiveness Report 2020, which includes a detailed list of what's needed for successful cyber security validation.
Major General Earl Matthews USAF is an award-winning retired Major General of the U.S. Air Force with a successful career influencing the development and application of cyber security and information management technology. His strengths include his ability to lead large-scale, diverse, global organizations that operate, extend, maintain and defend global networks. He has earned a reputation as a motivational leader and change agent focused on delivering technical innovations that resolve complex challenges.