Security Validation: Find the Gap in Your Defenses

In spite of global turmoil in 2020, cyber security shifted gears to a greater focus on capturing evidence of security effectiveness. Security validation has become a critical part of cyber security operations.


The change has been driven by a number of factors:

  • Senior business leaders want a better understanding of the value and contribution of cyber security to the business
  • CISOs need to prove the company’s security posture as adversaries become increasingly sophisticated and targeted
  • Remote connectivity of today’s mobile workforce has put added pressure on security operations
  • Budget cuts are driving the need for rationalization of security tools

Mandiant research makes a clear case for security validation, finding that approximately 74% of attacks tested in production environments go undetected and only 9% of attacks detected are correlated by SIEMs, resulting in a lack of response to attacks.1

Security validation is a powerful and impactful way to both provide empirical evidence that an organization’s security controls are working as they should and quantify the level of an organization’s risk exposure. Unlike breach and attack simulation (BAS), which conducts one-off tests of security performance with simulated attacks that security controls often do not recognize as threats (generating less accurate test results), security validation powered by active threat intelligence provides security teams with:

  • Insight into the threats most relevant to their organization
  • Assurance of the health of their security infrastructure
  • The ability to assess the efficacy of security tools against real adversary attacks
  • The ability to discover previously undetected gaps in their security and infrastructure
  • The ability to identify the greatest opportunities for optimization
  • Quantification of improvement to defenses over time
  • Identification and gathering of evidence needed to rationalize the value of investments

This research indicates the lack of visibility security teams have into ongoing attacks and the impact on their organization’s risk posture. The continuous, automated and repeatable practice of validating security allows security teams to focus on defending the business more strategically while the Mandiant Security Instrumentation Platform underpins the effectiveness of their overall security.


To help teams implement an effective security validation program, Mandiant validation experts have developed the following five-step methodology:

Step 1 Prioritize

By combining Mandiant real-time threat intelligence and incident response data with continuous controls validation technology, teams can determine the threats most likely to target their environment, the techniques adversaries are using to attack other organizations in the same industry and how to prioritize resources to minimize the risk of a security breach.

Step 2 Measure

By safely running tests from a vast library of real adversary attacks and malware, teams gain visibility into how well their security program is performing. Continuous testing enables benchmarking that shows the overall effectiveness of security over time and where further work or investment is required.

Step 3 Optimize

With fresh visibility into the full attack lifecycle, teams can pinpoint where improvements need to be made across people, processes and technology. Once controls are optimized, they can be re-tested to ensure security tools continue to perform as expected.

Step 4 Rationalize

Using evidence from continuous validation, teams can give executives and the board confidence in the company’s security program and investments.

Step 5 Monitor

Changes in the IT environment such as automatic updates to systems and platforms can impact security performance and create environmental drift without a security team’s knowledge. The ability to automatically detect and remediate environmental drift is required for continuous validation and improvement.
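The benchmarking in Step 2 and the drift detection in Step 5 both reduce to comparing validation runs over time. The following is an added example, not Mandiant code: the record layout (blocked / detected / alerted per test) and the test names are constructed assumptions, and the two figures it computes mirror the report's "undetected" and "correlated by SIEM" metrics.

```python
"""Compare two control-validation runs: benchmark effectiveness and flag drift."""

# Constructed sample runs (hypothetical test names, not a vendor export).
# Per test: did a control block the simulated action, did a sensor emit a
# detection event, and was that event correlated into a SIEM alert?
BASELINE_RUN = {
    "egress-dns-tunnel": {"blocked": True,  "detected": True,  "alerted": True},
    "macro-doc-drop":    {"blocked": False, "detected": True,  "alerted": False},
    "lsass-read":        {"blocked": False, "detected": True,  "alerted": True},
    "smb-lateral-copy":  {"blocked": False, "detected": False, "alerted": False},
}

# Later run after an unattended platform update: one detection silently
# stopped firing and one correlation rule stopped producing an alert.
CURRENT_RUN = {
    "egress-dns-tunnel": {"blocked": True,  "detected": True,  "alerted": True},
    "macro-doc-drop":    {"blocked": False, "detected": False, "alerted": False},
    "lsass-read":        {"blocked": False, "detected": True,  "alerted": False},
    "smb-lateral-copy":  {"blocked": False, "detected": False, "alerted": False},
}

OUTCOMES = ("blocked", "detected", "alerted")


def effectiveness(run):
    """Benchmark a run: share of tests with no detection event at all (a block
    with no event still leaves the SOC blind), and share of detected tests
    whose event was correlated into an alert."""
    total = len(run)
    undetected = sum(1 for r in run.values() if not r["detected"])
    detected = [r for r in run.values() if r["detected"]]
    correlated = sum(1 for r in detected if r["alerted"])
    return {
        "undetected_pct": round(100 * undetected / total, 1),
        "correlated_pct": round(100 * correlated / len(detected), 1) if detected else 0.0,
    }


def drift(baseline, current):
    """Return (test, outcome) pairs that regressed from True to False, plus
    tests that vanished from the current run, in baseline order."""
    regressions = []
    for test, base in baseline.items():
        now = current.get(test)
        if now is None:
            regressions.append((test, "missing"))
            continue
        regressions.extend((test, o) for o in OUTCOMES if base[o] and not now[o])
    return regressions


if __name__ == "__main__":
    print("baseline:", effectiveness(BASELINE_RUN))
    print("current: ", effectiveness(CURRENT_RUN))
    print("drift:   ", drift(BASELINE_RUN, CURRENT_RUN))
```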

The need to validate security is clear: many organizations are not as secure as they think they are, attacks are increasing in sophistication, budgets are under scrutiny and adversaries are rapidly morphing their tactics. To outmaneuver motivated attackers, organizations need continuous validation powered by timely and relevant intelligence. Mandiant brings together the world’s leading threat intelligence and frontline incident response data into its continuous security validation offering to arm organizations with the tools needed to increase security effectiveness and reduce business risk.

For more on how to implement an effective security validation program, visit


1 Mandiant (2020). Cyber Security Effectiveness Report: Deep Dive Into Cyber Reality