As we uncovered in the Mandiant Security Effectiveness Report 2020, looking across network, email, endpoint and cloud-based security controls, all too often security controls are not performing as expected. Knowing this, security leaders need to ask themselves why their controls are not performing the way they are supposed to, what risks a gap in performance carries, and how to fix it.
In order to protect an organization’s business-critical assets, security teams need to think like a cyber adversary, because only by understanding the adversary’s process can an organization be prepared and prevent an attack or breach before it happens. The first step is understanding reconnaissance, the initial step of an intrusion.
As I discussed in our video blog Security Effectiveness Report: Reconnaissance, reconnaissance is when cyber adversaries plan their attack. They spend time researching, identifying and selecting targets, and typically they gather their intelligence from publicly available sources such as Twitter, LinkedIn and corporate websites. We are also seeing passive reconnaissance, which includes scanning tools like network sniffers for wired and wireless networks, as well as port scanners. Adversaries scan for vulnerabilities that can be exploited and map out the areas they can take advantage of. In a nutshell, attackers are looking for weaknesses.
So, what can organizations do to protect themselves? The answer is twofold. On the people side, companies must implement security awareness training, which goes back to an organization’s security culture. From a technical perspective, companies need to perform continuous testing to validate that their controls are working. In today’s world, organizations must validate security effectiveness if they want to stop operating on assumptions, minimize risk and strengthen cyber hygiene. Only through automated, continuous monitoring and measurement against real-world attack behaviors can companies gain data-driven evidence and insights that confirm security controls are working as they should.
For instance, did you know that only 4% of reconnaissance activity generated an alert? As discussed in the report, this exposes the risk associated with misconfigured controls: a higher likelihood of successful scanning and profiling, and a high percentage of missed early-stage attack tactics.
As evidenced by our findings in the Mandiant Security Effectiveness Report 2020, there is not only a gap between assumptions and reality when it comes to security effectiveness, but also a misalignment between business leadership and IT teams, which further exacerbates the problem. And while we are seeing incremental improvements in overall security, cyber hygiene continues to be the biggest problem. Solutions like the Mandiant Security Instrumentation Platform (SIP) can help organizations overcome these challenges through automated, continuous monitoring and measurement against real-world attacks.
Interested in learning how you can validate your controls against current and actual attacks? Download a full copy of the Mandiant Security Effectiveness Report 2020, including a list of the 10 fundamentals for successful cyber security effectiveness validation.