August 30, 2019 By Mike Elgan 3 min read


Your organization has invested in dozens of cybersecurity tools. But you’re not sure if they’re working as expected.

For example, what percentage of successfully blocked attacks reported by your security information and event management (SIEM) tool are false reports, where the attack actually occurred but was reported as blocked? Zero percent? Fifty percent? How can you know for sure?

Next year’s security spend will likely increase. How should you proceed with additional investment when there’s so much uncertainty about the effectiveness of previous investments? On your next stand-and-deliver to C-level leadership, what do you tell them about the current status of your security infrastructure?

Welcome to the cybersecurity age of uncertainty.

The Good News: You’re Not Alone

This uncertainty is pandemic, and it’s largely the result of the fast-changing threat landscape. Cybercriminals are hatching new schemes for stealing data and causing havoc at an ever-accelerating pace. You and your peers are moving fast and trying not to break things, implementing solutions in an often fragmented way and in an often siloed workplace and siloed data environment.

In fact, more than half of enterprise security leaders don’t know if their security tools are working, according to a new report from the Ponemon Institute and AttackIQ. What’s more, only 39 percent of respondents believe they’re getting full value from their security investments.

Specifically, this lack of visibility into the effectiveness of security tools can be summarized by three things that security leaders should know, but often don’t:

  1. Whether attacks are being stopped or not;
  2. If the organization is getting full value from security infrastructure spending; and
  3. How to provide leaders with a clear picture of the organization’s current security status.

This lack of visibility isn’t evenly distributed across the organization’s infrastructure. The biggest problems are in bring-your-own-device (BYOD), cloud environments and internet of things (IoT) devices.

One problem is experience with false negatives. Some 63 percent of respondents to the Ponemon study said they’d witnessed a security control reporting a blocked attack, when in fact the attack was not blocked. That erodes trust and creates uncertainty, as well it should.

Another problem is the sheer number of solutions. Companies surveyed deploy an average of 47 different cybersecurity solutions, yet only 39 percent said they believe that they’re getting full value from their security purchases. So many separate products and services, so little confidence. Something’s got to change.

A new SANS Institute survey, sponsored by IBM Security, found that a lack of visibility and the complexity of managing data across on-premises and cloud infrastructure are both adding to the risk of cyberattacks. Nearly half (48 percent) of respondents said they lack visibility into organizational data due to a variety of factors, including:

  • Unmanaged devices;
  • Lack of information about where sensitive data is located;
  • Insufficient integration between cybersecurity tools and cloud infrastructure;
  • Poor understanding about threats that target cloud environments;
  • Security analytics tools that are ineffective without a deep understanding of the organization’s data usage — for example, what exactly constitutes “normal” user behavior versus unusual behavior; and
  • Of course, limited staff.

How to Gain Better Visibility Into Your Environment

There are clear steps you can take, even with limited staffing, to gain much better visibility into the effectiveness of the tools you’re using to combat cyberattacks.

  • Get help from artificial intelligence (AI). Instead of trying to use limited staff resources to figure out what’s out there, what constitutes normal behavior among users and, therefore, what constitutes suspicious activity, deploy an AI solution to do that for you.
  • Deploy a threat intelligence platform and get everybody plugged into it. This will accelerate the discovery of shady activity. Sharing (information about possible breaches or attack attempts) is caring.
  • Work to break down silos within the organization to speed up responses to security incidents. Evangelize and champion teamwork across departments for the benefit of all. The best way to tackle data silos is to consolidate security solutions into fewer platforms or one platform from a single vendor. Consolidate, communicate and share.
  • Focus on practices and solutions that will give you visibility into cloud and IoT environments. This is where the lion’s share of visibility problems reside.
  • Conduct penetration testing on a predetermined schedule to uncover any remaining security gaps.

Hope is not a strategy, and wishful thinking is not a plan for success. It’s time to turn that nagging feeling of uncertainty about the efficacy of your cybersecurity tools into an action plan for gaining the visibility you need.

More from Data Protection

Data security tools make data loss prevention more efficient

3 min read - As businesses navigate the complexities of modern-day cybersecurity initiatives, data loss prevention (DLP) software is the frontline defense against potential data breaches and exfiltration. DLP solutions allow organizations to detect, react to and prevent data leakage or misuse of sensitive information that can lead to catastrophic consequences. However, while DLP solutions play a critical role in cybersecurity, their effectiveness significantly improves when integrated with the right tools and infrastructure. Key limitations of DLP solutions (and how to overcome them) DLP…

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today