At Verodin, we have a favorite question that we ask organizations: “Can you explain to us what your cybersecurity posture is?”
Far more often than not, these organizations will respond by reciting a list of product “solutions” that they’ve bought. Yet, when we explore further, we find they have little comprehension of how all of their products are supposed to work together to protect their systems and data.
For years, they’ve acquired dozens of point products based upon recommendations found on a website (“Are you concerned about data loss? Here’s a proven data loss prevention tool!” … “Need firewalls? We have plenty!”). They buy and buy – and then buy some more – to the point where a number of purchases simply sit somewhere on the network unused. If you find that difficult to believe, then here’s a survey highlight which may astonish you: the average enterprise spends $115 per user on security-related software, but $33 of that funding (or 28 percent) pays for products which are either underutilized or not used at all, according to Osterman Research.
Suffice it to say, a string of unused software does not amount to what we call a true cybersecurity posture. Neither does an assemblage of disconnected tools bought to plug holes in the dam, as opposed to building a complete, cohesive state of protection. By heading down this unproductive path, organizations lose the capability to dynamically assess, challenge and continuously verify their cybersecurity posture. Getting deployments into your network quickly may seem like a feel-good rapid response to the myriad threats in the news, but it still misses the relevancy and utility required to safeguard the enterprise for the long haul.
To develop a true cybersecurity posture, organizations must start instrumenting security: assessing, and then improving, their prevention and detection response technologies, people and processes. The approach here is holistic, examining technology-based defenses as well as the people and processes that feed into a comprehensive, layered defense – one that will stand up to real tests modeled on the malicious attacks that actually threaten information systems.
In future blogs, we’ll go into more detail about how to implement a true cybersecurity posture, elaborating on how people, processes and technology must come together. We’ll also explain how advanced attack simulations can lend critical clarity to how well defenses hold up against actual threats. So please check back with this page for future updates. In the meantime, if you’d like to discuss how Verodin is helping organizations like yours instrument security, please contact us.
*** This is a Security Bloggers Network syndicated blog from Verodin Blog authored by Verodin Blog. Read the original post at: https://www.verodin.com/post/defining-a-true-cybersecurity-posture