Security efficacy validation was a hot topic last week at Black Hat. Security analysts and security leaders alike want to know empirically if their security is working and they have no tolerance for shelfware.
- Are my firewalls preventing C2 beaconing from my partner network?
- Is my DLP stopping sensitive data from being exfiltrated from my critical server network?
- Does my endpoint security stop Mimikatz or just alert on it?
- What does my WAF do during a SQL Injection attack from the Internet to my DMZ?
- How is my SIEM receiving, correlating and alerting on these activities?
It doesn’t matter if you are buying the bulk of your security solutions from a single security vendor, thus taking a platform approach, or you are buying from multiple vendors, thus supporting a best in breed approach. Validating your security efficacy is critical to security effectiveness regardless of from whom you purchase. And yes, validating security efficacy can be done empirically, easily, and automatically.
From POC to production, what’s the point of investing in any security solution if you can’t validate that it’s doing what you need, understand where the gaps are so you can prescriptively tune it, and continuously validate through automated monitoring to mitigate defensive regression?
Shelfware is often the outcome of bad or incorrect solutions being purchased, poor implementation, poor integration, and poor maintenance. That leads to wasted time, training, dollars and other resources. It also increases risk, because assumptions are in place regarding a certain level of value that the solution is providing. It’s hard enough to get real value out of a solution that is getting care and feeding, let alone those collecting a bit of dust.
Security efficacy just makes logical sense. Make sure what you’re evaluating does what you want. Validate the solutions you have are doing what you need and integrate well with the rest of your defensive stack. Know the impact of configuration changes, patches, network adjustments, etc. on your security effectiveness. Outline security gaps with zero false positives and leverage prescriptive results to mitigate those gaps. Revalidate that the mitigation worked and finally apply automated, continuous validation to ensure things continue to work as desired.
If this sounds interesting, check out the Verodin Security Instrumentation Platform (SIP) and have Verodin prove it. See for yourself how you can use Verodin SIP to help with your security efficacy.