Yes, But Does It Actually Work?
Comparing and Choosing Cybersecurity Tools
RSA Conference Survey
A survey conducted at this year’s RSA conference summed up a looming problem in the cybersecurity realm. Forbes reported that:
- 53% of the responding businesses feel they have wasted more than 50% of their cybersecurity budget and still cannot remediate threats
- 43% of survey respondents say their number one challenge in threat detection and remediation is an overabundance of tools
- 10% of organizations lack effective tools for remediating cybersecurity threats
Conglomeration of Tools
As we enter a time of economic slowdown and rising threats, now is not the ideal time to reduce cybersecurity budgets. Rather, you need to ensure that every dollar you spend leads to real measurable results. The typical midsized company has 50 to 60 security tools, and enterprises can have up to 130, according to Anomali. The best way to evaluate your unique conglomeration of tools, people, and practices is to look at how effectively it stops attacks. Ideally, this testing would also serve as a training opportunity for your security team. That’s where PacketWatch’s Active Security team comes in.
I recently spoke with a CEO who completed a merger with a competitor. He assumed the other company had spent as much on their cybersecurity tools as he had. The challenge he faced was how to sort out the tools they would use going forward in the new organization. He just wants it to work.
Opinions abounded from team members about which tools to keep and which to retire. Tempers flared when each team member’s ‘sacred cow’ was placed on the chopping block. I suggested he consider a slightly different approach. I advocated that he set forth a simple goal to the team — keep the set of tools that performs the best in stopping or detecting likely attackers from getting to the crown jewels. Hard to object to that.
“Keep the set of tools that performs the best in stopping or detecting likely attackers from getting to the crown jewels.”
To make this happen, I suggested he bring in an outside “Red Team” (PacketWatch in this case) to work side-by-side with his internal defenders – creating a custom “Purple Team” exercise. With PacketWatch’s Red Team members emulating the Tactics, Techniques, and Procedures (TTPs) of identified threat actors, the participants could objectively say which tools could best detect, deter, or defeat the threat actor.
The ineffective tools could be retired and/or processes modified. Another benefit of Purple Teaming is the experience the internal team members would gain from seeing an attacker’s behavior and learning how to react quickly using the tools. That turned out to be a winner for the CEO, and it can be for you too.
Your cybersecurity budget will likely face scrutiny from your CFO this year. Why not arm yourself with a proven methodology for optimizing your security tools and retiring any ineffective ones? The result will be a more efficient use of your security budget and some real-world experience defending your network from adversaries for your team. If you’d like to Learn More about a PacketWatch Purple Team engagement, call us at 800-864-4667. Our team of Active Security experts will scope a custom exercise for your organization.