I’ll be giving a talk titled, “Beyond Assumption-based Security” at the DOJ on May 9th, 2017. The entire Verodin team is looking forward to the event as it promises to be very exciting with speakers from DOJ, DOT, DHS, NIST, and the FBI.
Organizations have been managing security based on assumptions, hopes, and prayers for decades. We assume our technology will detect and block that attack or leak, we hope our incident response techniques will be efficient and effective when under assault, and we pray that our security teams are well trained and practiced when everything goes wrong. But in many cases, we don’t have a way to evaluate our security effectiveness let alone have any empirical evidence to back up our assumptions. In short, assumption-based security doesn’t work.
Assumption-based security results in many negative outcomes.
- Security tool overload and shelf-ware are being predicated on a tradition of purchasing too many security buzzwords, evaluating solutions incorrectly, purchasing the wrong solutions, not tuning what we have, not retiring antiquated solutions and burning through time, money and other resources.
- Defensive regression is resulting in perhaps a once effective set of security controls no longer operating as desired because of configuration mistakes, loss of expertise and even malice.
- Poor business decision making is occurring because most of us don’t know if our security spend is making us more secure, if we are investing in the right areas or if we can even communicate the state of our security effectiveness to stakeholders.
Enough is enough. We need to move beyond assumptions. We need to “know.” We need to assess the efficacy of our security technology, talent, and techniques.
Verodin is defining the emerging concept of Instrumented Security™. Its revolutionary platform empowers enterprises to remove assumptions and prove their security effectiveness with empiric data. With Verodin, you can observe and adjust real responses to real attacks without ever putting production systems in danger. Verodin customers dramatically increase the ROI of their existing security investments, achieve maximum value from future spending and measurably mature their cyber prevention, detection and response effectiveness. Learn more at verodin.com.