Many organizations believe their security tools are delivering the desired results — despite the fact that these tools frequently miss cyberattacks, according to the "Mandiant Security Effectiveness Report 2020" from cybersecurity company FireEye.
In the report, Mandiant researchers tested 123 security technologies in production environments across 11 industries. Key finding from the report included:
- On average, organizations use 50 to 70 security tools across their IT environments.
- 35 percent of security tools have overlapping capabilities.
- 80 percent of security tools are underutilized.
Furthermore, 91 percent of cyberattacks did not generate a security alert, 53 percent successfully infiltrated environments without detection and 33 percent were stopped by security tools, the Mandiant report revealed.
What Are the Biggest Cybersecurity Challenges for Today's Organizations?
Along with the effectiveness of security tools, the Mandiant report indicated that today's organizations face a wide range of cybersecurity challenges, including:
- Reconnaissance: Organizations reported only 4 percent of reconnaissance activity generated an alert in network traffic.
- Infiltrations and Ransomware: In 68 percent of infiltration and ransomware cases, organizations reported their security controls did not stop these issues.
- Command & Control (C&C): Approximately 97 percent of C&C behaviors executed by cybercriminals did not have a corresponding alert generated in security information and event management (SIEM) tools.
Effectively managing security issues is critical, and Mandiant researchers offered the following tips to help organizations improve the effectiveness of their security programs:
- Test against cybercriminal techniques and attacks and ensure coverage is in place to guard against all attack vectors.
- Conduct exercises to analyze the effectiveness of internal and external security controls.
- Generate reports that highlight the effectiveness of an organization's security controls and share these reports with business leaders.
- Use metrics to assess business risk and the value of investments.
Ongoing, automated security program assessments and optimization are paramount, the Mandiant report indicated. If organizations regularly evaluate the effectiveness of their security programs, they can find ways to minimize risk and limit cyberattack damage.
