How Effective Are Your Security Investments?


According to the annual ESG survey, 60% of companies said they were targeted with a ransomware attack in 2019. Not surprisingly, those organizations are looking to augment their cybersecurity tools and processes. Defense in depth has long been touted as a reliable approach to securing the enterprise, and the strategy of adding layers has led to increased security spend. Notably, “62% of organizations will increase their security spending in 2020, continuing a multi-year boom in security technology investments,” the report said. 

The Risks of Too Many Layers

Spending more money on security solutions doesn’t always mitigate risk. The reality is that too many layers of security tools can sometimes corrupt the overall ecosystem, leaving security teams in the dark about whether the solutions they’ve deployed are actually working. 

The recently released Security Effectiveness Report from FireEye’s Mandiant found that the average enterprise has anywhere from 30 to 50 security solutions deployed; however, more than half (53%) of attackers successfully infiltrate systems without detection. ZDNet’s analysis of the report’s findings said, “26% of attacks were successful but were detected, while 33% of attacks were prevented by security solutions. However, only 9% of attacks led to an alert being generated.”

Unfortunately, we’ve had far too many of these conversations with enterprises. They are drowning in alert overload from some tools, while other security controls falsely report having blocked an attack when they actually failed to do so.

Decision makers confess that they have increased their security spend without alleviating a growing pain point: third-party risk. Despite having done their due diligence and vetted their third-party providers, enterprises remain at risk from their supply chains. Enterprises that have invested in a robust security strategy remain at the mercy of the security strategy of their downline suppliers, because trusted access is difficult when you can’t verify the true security of your partners.

The Supplier as a Gateway 

According to the Verizon 2020 Data Breach Investigation Report (DBIR), ‘Secondary’ is a top motivator for attackers, right behind ‘Financial’. Why? Because “the compromised infrastructure in Secondary incidents is not the main target, but a means to an end as part of another attack.” Unbeknownst to all those upline customers, an attacker is able to exploit an accidental error or misconfiguration at a vendor and compromise the companies linked to that vendor.

What is missing from “defense in depth” such that enterprises can’t detect when their third parties have been compromised?

How to Justify Your Security Spend

When security teams are challenged with how to mitigate risks, they often look to technology for solutions. Yet investing in new products can sometimes create more issues in the organization’s greater security ecosystem without revealing evidence of compromise in the network. Without true visibility into whether the tools are actually doing their jobs, it’s difficult to reexamine security tools and investments.

Security leaders need to be able to demonstrate the effectiveness of their investments in order to justify their budgets. In order to do that, they need solutions that allow them to proactively detect and respond to the real and present threats in their environments. When evaluating the solutions in their security ecosystem, they would be wise to eliminate the redundancies that create noise and invest in those that deliver visibility into real evidence of compromise in and across their extended networks. 

Copyright 2021 Prevailion, Inc. All rights reserved.    
