Security professionals are overconfident in the effectiveness of their security products

Security operations teams face challenges in understanding how their security tools work leading to data breaches, vulnerabilities and wasted time and money.

  • 4 years ago Posted in
Keysight has released its Security Operations Effectiveness survey, showing that 50% of respondents reported that their organization had experienced a security breach because one or more of their security products was not working as expected.

 

The survey found that just over half (57%) of security professionals were confident their current security solutions are working as intended. Yet only 35% of survey respondents stated that they conduct testing to ensure their security products are configured and operating as they expect. To close this gap, 86% of respondents see strong value in security test solutions that can actively test their company’s security products and posture, using both internal and external attack vectors.

 

Key findings from the ‘Security Operations Effectiveness’ survey include:

  • Organizations are breached often: 75% of respondents said their company had experienced a security breach (unauthorized intrusion, malware, hack etc), and 47% have experienced three or more breaches in the last three years.
  • Good security tools don’t always protect as expected: 50% of survey respondents stated they found a security solution was not working as expected after a breach had occurred.
  • Most organizations don’t verify their security is working correctly: Only 35% of respondents have test-based evidence to prove their security products are configured and working correctly.
  • Less than half of organizations practice breach responses: 49% of respondents stated they actively practice how to remediate and respond to security incidents.
  • Overlapping security product functions waste budgets and time: 66% of companies are using security solutions whose functions overlap, and for 41% of respondents this overlap is unintentional, wasting security budgets and management time without strengthening the organization’s security posture.
  • The value of security testing: 86% of respondents stated they would value a solution that finds and helps to remediate vulnerabilities in a company’s security posture. 79% of those surveyed would remove a security product from their infrastructure if they could prove it wasn’t effective.

 

“Enterprises are faced with a continuous stream of cyberattacks that threaten their businesses, and in many cases they attempt to deal with these by buying more security tools. Yet they don’t know whether these products are delivering the protection they expect,” said Scott Register, vice president, security solutions at Keysight’s Network Applications & Security Group (formerly Ixia Solutions Group). “The disconnect is when good security tools are misconfigured or security teams lack the skills to use their tools. This situation leads to overspending on overlapping tools and compromises an organization’s security posture. Ongoing testing of security solutions would give organizations the proof and confidence that they are protected, but also would provide the opportunity to save resources.”

 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...