In spite of global turmoil in 2020, cyber security shifted gears to a greater focus on capturing evidence of security effectiveness. Security validation has become a critical part of cyber security operations.
The change has been driven by a number of factors:
Security validation is a powerful and impactful way both to provide empirical evidence that an organization’s security controls are working as they should and to quantify the level of the organization’s risk exposure. Breach and attack simulation (BAS) conducts one-off tests of security performance with simulated attacks that are often not recognized as threats by security controls, which generates less accurate test results. In contrast, security validation powered by active threat intelligence provides security teams with:
Mandiant research makes a clear case for security validation, finding that approximately 74% of attacks tested in production environments go undetected and only 9% of attacks detected are correlated by SIEMs, resulting in a lack of response to attacks. This research shows how little visibility security teams have into ongoing attacks and the impact this has on their organization’s risk posture. The continuous, automated and repeatable practice of validating security allows security teams to focus on defending the business more strategically while the Mandiant Security Instrumentation Platform underpins the effectiveness of their overall security.
To help teams implement an effective security validation program, Mandiant validation experts have developed the following five-step methodology:
By combining Mandiant real-time threat intelligence and incident response data with continuous controls validation technology, teams can determine the threats most likely to target their environment, the techniques adversaries are using to attack other organizations in the same industry and how to prioritize resources to minimize the risk of a security breach.
By safely running tests from a vast library of real adversary attacks and malware, teams gain visibility into how well their security program is performing. Continuous testing also enables benchmarking, which outlines the overall effectiveness of security over time and shows where further work or investment is required.
With fresh visibility into the full attack lifecycle, teams can pinpoint where improvements need to be made across people, processes and technology. Once controls are optimized, they can be re-tested to ensure security tools continue to perform as expected.
Using evidence from continuous validation, teams can give executives and the board confidence in the company’s security program and investments.
Changes in the IT environment such as automatic updates to systems and platforms can impact security performance and create environmental drift without a security team’s knowledge. The ability to automatically detect and remediate environmental drift is required for continuous validation and improvement.
The need to validate security is clear: many organizations are not as secure as they think they are, attacks are increasing in sophistication, budgets are under scrutiny and adversaries are rapidly morphing their tactics. To outmaneuver motivated attackers, organizations need continuous validation powered by timely and relevant intelligence. Mandiant brings together the world’s leading threat intelligence and frontline incident response data into its continuous security validation offering to arm organizations with the tools needed to increase security effectiveness and reduce business risk.
For more on how to implement an effective security validation program, visit FireEye.com.
1 Mandiant (2020). Cyber Security Effectiveness Report: Deep Dive Into Cyber Reality