When it comes to cybersecurity, the reality is that every organization’s environment is unique, complex and always changing. How a security tool performs in one environment may not be how it performs in another. This is further complicated as companies increasingly move to the cloud and IoT devices are used with greater frequency. And as attacks become more frequent and sophisticated, companies need a better understanding of how to address their security challenges and of whether their controls are performing the way they are supposed to.
To address some of the most common causes of attacks and breaches, today we released our Mandiant Security Effectiveness Report 2020, A Deep Dive Into Cyber Reality. This year’s report shares data on how well organizations are protecting themselves from a possible attack or breach, while also uncovering some startling results. For instance, we found that while organizations invest large sums in security controls and assume that their business-critical assets are fully protected, the reality is that breaches are getting through without their knowledge!
In fact, as discussed by our Vice President of Strategy, Major General Earl Matthews USAF (Ret), in a recent Forbes Tech Council article and shared in our blog post, Addressing the perception versus reality conundrum, we uncovered that the majority (53%) of attacks successfully infiltrated environments without detection. 26% of attacks successfully infiltrated environments but were detected, while 33% of attacks were prevented by security tools. Alerts were generated for only 9% of attacks, demonstrating that most organizations and their security teams do not have the visibility they need into serious threats, even when they use central SIEM, SOAR and analysis platforms.
The Mandiant Security Effectiveness Report 2020 also takes a deeper look into the techniques and tactics used by attackers and outlines the primary challenges most commonly uncovered in enterprise environments through security validation testing:
- Reconnaissance: In testing network traffic, organizations reported only 4% of reconnaissance activity generated an alert
- Infiltrations & Ransomware: 68% of the time, organizations reported their controls did not prevent or detect the detonation within their environment
- Policy Evasion: 65% of the time, security environments were not able to prevent or detect the approaches being tested
- Malicious File Transfer: 48% of the time, controls in place were not able to prevent or detect the delivery and movement of malicious files
- Command & Control: 97% of the behaviors executed did not have a corresponding alert generated in the SIEM
- Data Exfiltration: Exfiltration techniques and tactics were successful 67% of the time during initial testing
- Lateral Movement: 54% of the techniques and tactics used to execute testing of lateral movement were missed
What companies need to do NOW is continuously monitor and measure security effectiveness, and to do that they need empirical evidence in order to specifically identify the gaps, determine how to address them, and improve people, process and technology. Measuring cybersecurity effectiveness is a continuous process, and to do it successfully you need the right technology tools, such as a Security Instrumentation Platform, which removes the assumptions so that companies can validate and optimize their security programs.
Interested in learning how you can validate your controls against current, real-world attacks? Visit here to download a full copy of the Mandiant Security Effectiveness Report 2020, including a list of the 10 fundamentals for successful cybersecurity effectiveness validation.