We're changing our name.
Verodin is now Mandiant Security Validation. Click here to learn more.

Pitfalls of Layered Security

We have a bunch of security controls that are not providing the value we assume they are. It’s not that the security controls are bad or the people configuring them don’t know what they’re doing. It’s because there is no way to validate that security products are actually performing the way we want.

August 10, 2017
Category
Blog Tags

Layered security makes intuitive sense. Prevention only scales so far. So, you augment prevention with detection. Detection is very useful when tightly aligned with response. And response adds great value when mitigation measures lead to improvements in prevention and detection.

The reality is however, we have a bunch of security controls that are not providing the value we assume they are. It’s not that the security controls are bad or the people configuring them don’t know what they’re doing. It’s because there is more often than not no way to validate that our security products are actually performing the way we want and that configuration changes we made are actually working.

It’s a lot like the Security Jenga video below. We’re moving pieces around in the stack and adding more “buzzwords” in the hope that they’ll perform as assumed. But we often have no way of validating our security effectiveness and no configuration assurance. Eventually, much like the Security Jenga game, it all comes crashing down.

 

Without empirically knowing what’s blocking, detecting, alerting, correlating, etc., it’s impossible to measure and improve security effectiveness. This leads to increases in complexity and cost and because of a security talent shortage, there aren’t enough people to throw at all the products you are throwing at the problems.

Embrace layered security, but do so with a platform that provides you with automated and continuous measurement of security effectiveness. Check out what Verodin can do to help.

Return to Blog
Get in touch:

Verodin provides security validation to measure, manage, and improve your overall effectiveness.

Chances are you’re ignoring valuable security data that can be gathered via instrumentation. Future-proof your security posture today.

Request a Demo

Chances are you’re ignoring valuable security data that can be gathered via instrumentation. Future-proof your security posture today.

Connect with an advisor

Get new cybersecurity effectiveness podcasts delivered straight to your inbox.

We will never sell or distribute your information.