Maximum security effort doesn’t mean maximum security effectiveness.
I was recently working with a fortune 500 company that invests tens of millions into security annually. They implement new security products on endpoints, in their network, and in the cloud. They hire security talent and design processes. Their internal auditors review their security and they hire third parties to assess them twice a year. They work hard to get it right. But, despite all this effort, they are not nearly as effective as they wanted or could be fairly easily.
By using Verodin the customer discovered five significant issues – and they were pretty easy to catch.
Close to 50% of their SIEM rules were not firing correctly because logs and alerts weren’t getting into the SIEM, the rules were written to trigger off older security product versions, initial security product had been replaced with newer products without updating the SIEM’s rules, and the rules that were written were never validated against real attacks through their production security controls to see if they would actually work.
Out of the box endpoint security controls were detecting but not blocking as much as they assumed because they thought the default installs would provide greater incident prevention when in reality they defaulted to detection, prevention had to be manually tuned.
Their network firewalls were also detecting by default instead of blocking for a number of attacks they assumed would be blocked by default.
Their IPS signatures were extremely outdated and it was discovered that there was an internal DNS issue that they were not aware of that prevented their signatures from being updated for almost a year.
DLP was only catching a small fraction of data exfiltrations because it wasn’t configured to track ICMP tunneling (I’ve blogged about this issue before) and compression beyond three levels of .zip, .rar, or .tar blinded their DLP.
Effective security means optimizing your security across technology, people, and process. And despite what you’ve been told, it doesn’t need to be that hard or take that long.
If your solutions are tuned effectively and continue to stay tuned over time, your people will be more efficient when leveraging those solutions and your processes will yield more exacting and timely results.
Security Instrumentation Platforms (SIP) like Verodin help you evaluate the efficacy of your security technology by safely executing real attacks within your production environment. Verodin helps you evaluate, integrate and maintain your security controls to ensure you’re maximizing their effectiveness with limited effort.
SIPs also help you hire and train talent and provide a mechanism to allow your security team to practice incident response with real attacks using your security controls with 100 percent safety. With SIP your security team will be practiced when they are needed most.
SIPs provide a platform to create, evaluate, and mature your processes by evaluating what’s working, what’s not, and why when your network is attacked and your security team responds. This level of information is also extremely beneficial for executive stakeholders.
Verodin is defining the emerging concept of Instrumented Security™. Its revolutionary platform empowers enterprises to remove assumptions and prove their security effectiveness with empiric data. With Verodin, you can observe and adjust real responses to real attacks without ever putting production systems in danger. Verodin customers dramatically increase the ROI of their existing security investments, achieve maximum value from future spending and measurably mature their cyber prevention, detection and response effectiveness. Learn more at verodin.com.