On HBO’s Silicon Valley, Jian Yang’s infamous “SeeFood” app can identify if your food is a hot dog or “not a hot dog.” Wouldn’t it be great to have something like that designed to tell you if your security is working or not working?
One of the key capabilities of security instrumentation is the ability to do just that. It validates whether your security is working or not. It proves your security effectiveness. For example:
- My firewall isn’t blocking 75% of inbound attacks.
- My IPS is detecting malware beaconing.
- My endpoint isn’t blocking privilege escalation attacks.
- My DLP is preventing data exfiltration of 2x zipped files over ICMP.
- My SIEM isn’t receiving, correlating or alerting on these incidents.
Instrumentation isn’t new. Think about discrete manufacturing. Tools and techniques in the production of widgets are constantly being validated and instrumented to increase safety, quality, productivity and the like. In IT, network instrumentation has been around for decades. But security instrumentation is something entirely new. However, it addresses an old problem: your ability to measure, manage and improve security effectiveness.
So why is focusing on security effectiveness, which is how effective your security is across people, processes, and technology, so critical? It’s because for too long, organizations have based their security on assumptions. We simply don’t have evidence-based data to prove security. Because of these assumptions, and a lack of empirical evidence, it’s difficult to answer basic questions like:
- Are we safe from Apache Struts?
- How well will we respond to a WannaCry incident?
- Did changes in network segmentation, taps, and span ports have a negative impact on our security visibility?
- Is our WAF, which was working great during the POC and initial implementation last year, still protecting us from SQL injection attacks?
This is where security instrumentation solutions like Verodin come in. The Verodin Security Instrumentation Platform, or SIP, is the first business platform to measure, manage and improve security effectiveness.
Verodin SIP removes assumptions and allows you to answer questions empirically, with zero false positives, and provides a platform with continuous and automated security validation capabilities.