August 30, 2019 By Mike Elgan 3 min read

Your organization has invested in dozens of cybersecurity tools. But you’re not sure if they’re working as expected.

For example, what percentage of successfully blocked attacks reported by your security information and event management (SIEM) tool are false reports, where the attack actually occurred but was reported as blocked? Zero percent? Fifty percent? How can you know for sure?

Next year’s security spend will likely increase. How should you proceed with additional investment when there’s so much uncertainty about the effectiveness of previous investments? On your next stand-and-deliver to C-level leadership, what do you tell them about the current status of your security infrastructure?

Welcome to the cybersecurity age of uncertainty.

The Good News: You’re Not Alone

This uncertainty is pandemic, and it’s largely the result of the fast-changing threat landscape. Cybercriminals are hatching new schemes for stealing data and causing havoc at an ever-accelerating pace. You and your peers are moving fast and trying not to break things, implementing solutions in an often fragmented way and in an often siloed workplace and siloed data environment.

In fact, more than half of enterprise security leaders don’t know if their security tools are working, according to a new report from the Ponemon Institute and AttackIQ. What’s more, only 39 percent of respondents believe they’re getting full value from their security investments.

Specifically, this lack of visibility into the effectiveness of security tools can be summarized by three things that security leaders should know, but often don’t:

  1. Whether attacks are being stopped or not;
  2. If the organization is getting full value from security infrastructure spending; and
  3. How to provide leaders with a clear picture of the organization’s current security status.

This lack of visibility isn’t evenly distributed across the organization’s infrastructure. The biggest problems are in bring-your-own-device (BYOD), cloud environments and internet of things (IoT) devices.

One problem is experience with false negatives. Some 63 percent of respondents to the Ponemon study said they’d witnessed a security control reporting a blocked attack, when in fact the attack was not blocked. That erodes trust and creates uncertainty, as well it should.

Another problem is the sheer number of solutions. Companies surveyed deploy an average of 47 different cybersecurity solutions, yet only 39 percent said they believe that they’re getting full value from their security purchases. So many separate products and services, so little confidence. Something’s got to change.

A new SANS Institute survey, sponsored by IBM Security, found that a lack of visibility and the complexity of managing data across on-premises and cloud infrastructure are both adding to the risk of cyberattacks. Nearly half (48 percent) of respondents said they lack visibility into organizational data due to a variety of factors, including:

  • Unmanaged devices;
  • Lack of information about where sensitive data is located;
  • Insufficient integration between cybersecurity tools and cloud infrastructure;
  • Poor understanding about threats that target cloud environments;
  • Security analytics tools that are ineffective without a deep understanding of the organization’s data usage — for example, what exactly constitutes “normal” user behavior versus unusual behavior; and
  • Of course, limited staff.

How to Gain Better Visibility Into Your Environment

There are clear steps you can take, even with limited staffing, to gain much better visibility into the effectiveness of the tools you’re using to combat cyberattacks.

  • Get help from artificial intelligence (AI). Instead of trying to use limited staff resources to figure out what’s out there, what constitutes normal behavior among users and, therefore, what constitutes suspicious activity, deploy an AI solution to do that for you.
  • Deploy a threat intelligence platform and get everybody plugged into it. This will accelerate the discovery of shady activity. Sharing (information about possible breaches or attack attempts) is caring.
  • Work to break down silos within the organization to speed up responses to security incidents. Evangelize and champion teamwork across departments for the benefit of all. The best way to tackle data silos is to consolidate security solutions into fewer platforms or one platform from a single vendor. Consolidate, communicate and share.
  • Focus on practices and solutions that will give you visibility into cloud and IoT environments. This is where the lion’s share of visibility problems reside.
  • Conduct penetration testing on a predetermined schedule to uncover any remaining security gaps.

Hope is not a strategy, and wishful thinking is not a plan for success. It’s time to turn that nagging feeling of uncertainty about the efficacy of your cybersecurity tools into an action plan for gaining the visibility you need.

More from Data Protection

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today