Security pros are overconfident in the effectiveness of their tools
Half of respondents to a new survey report that they have experienced a breach because one or more of their security tools wasn't working as expected.
The Security Operations Effectiveness survey from Keysight Technologies questioned over 300 individuals involved in enterprise security solutions and found that only just over half (57 percent) of security professionals are confident their current security solutions are working as intended.
However, only 35 percent of survey respondents say that they conduct testing to ensure their security products are configured and operating as they expect. To close this gap, 86 percent of respondents see strong value in security test solutions that can actively test their company's security products and posture, using both internal and external attack vectors.
"Enterprises are faced with a continuous stream of cyberattacks that threaten their businesses, and in many cases they attempt to deal with these by buying more security tools. Yet they don't know whether these products are delivering the protection they expect," says Scott Register, vice president, security solutions at Keysight's Network Applications and Security Group (formerly Ixia Solutions Group). "The disconnect is when good security tools are misconfigured or security teams lack the skills to use their tools. This situation leads to overspending on overlapping tools and compromises an organization's security posture. Ongoing testing of security solutions would give organizations the proof and confidence that they are protected, but also would provide the opportunity to save resources."
Among the findings are that 75 percent of respondents say their company has experienced a security breach (unauthorized intrusion, malware, hacks etc), and 47 percent have experienced three or more breaches in the last three years.
Only 49 percent of respondents say they actively practice how to remediate and respond to security incidents. In addition 66 percent of companies are using security solutions whose functions overlap, and for 41 percent of respondents this overlap is unintentional, wasting security budgets and management time without strengthening the organization's security.
You can read more about the findings on the Keysight site.