In early August, I traveled to Boston and met with Art Coviello, former RSA Executive Chairman and Board of Directors for a top financial. While there, Art and I recorded an interview about security from the perspective of c-suites and boards.
Security can’t operate effectively with an assumption-based approach and the c-suite and board can’t make decisions without understanding the risks. Art states that “Organizations need to urgently validate that their security stack is working the way it was intended…not only is this important from a cost standpoint, but it’s fundamental to understanding risk.”
It sounds bizarre, but most CISOs have no idea if their security solutions are actually working. They are making huge investments, but not seeing huge value. Art says, “CISOs are struggling because of the fundamental fact that there is no way to effectively understand that their security solutions are working as intended and are left wondering what these technologies are actually doing for them. They have no way of really understanding this – that’s what Verodin SIP does.”
There is no appetite across leadership for opaque security operations where effectiveness is an unknown. Boards want empiric evidence and results. “Boards are seeing ever-increasing demands for budget, but they don’t see the risk getting mitigated,” according to Art.
That’s not necessarily the fault of the security team. They haven’t had security instrumentation solutions like Verodin SIP to continuously and automatically validate security effectiveness. Art suggests, “There’s no way to be able to effectively understand unless you can test and come back with factual evidence that your security system is working the way it’s supposed to. And as a result, there’s no way to understand risk if you don’t have a capability like Verodin.”
Verodin is defining the emerging concept of Instrumented Security™. Its revolutionary platform empowers enterprises to remove assumptions and prove their security effectiveness with empiric data. Verodin customers dramatically increase the ROI of their existing security investments, achieve maximum value from future spending and measurably mature their cyber prevention, detection, and response effectiveness.