Organizations lack confidence in managed security solutions
It finds that while 68 percent of respondents use MSSP/MDR solutions to fill security gaps, a worrying 47 percent are not confident in the technology or the people. Also, 44 percent are not confident in the managed services security processes.
"Based on the results of this survey, it is clear that the participants' level of confidence in their managed services is much lower compared to their in-house security people and technology, in which 78 percent reported feeling confident," says Holger Schulze, CEO of Cybersecurity Insiders.
Businesses are clearly keen to understand potential threats. 65 percent of respondents say they utilize a threat-informed approach to security and 41 percent use ATT&CK evaluations to assess endpoint vendor decisions. In addition, 59 percent of respondents conduct offensive testing on products before investing in a new solution and 53 percent of respondents conduct offensive testing on services before investing in a new solution.
Challenges remain, however. 47 percent of respondents are using detection and response tools to gain visibility into their networks and 28 percent of those respondents still rely on perimeter defenses. 42 percent note a lack of training, while 31 percent identify problems hiring as a limiting factor to high confidence in organizational security.
"While many organizations have the intent to operate as threat-informed and do the right things, such as conducting offensive testing, there are still a significant number of organizations that aren't leveraging the data ATT&CK tells us we should look at," says Frank Duff, MITRE Engenuity's general manager, ATT&CK Evaluations. "We have an over-reliance on keeping the adversary out, and we also are limited by hiring and training."
The full report is available from the MITRE Engenuity site.