Organizations have been managing security based on assumptions and best guesses for decades. However, these assumptions have resulted for many in financial and operational inefficiencies, defensive regression and an inability to determine if organizations are actually making the right decisions for their security posture.
The 2020 edition of our Mandiant Security Effectiveness Report explores this topic further, revealing insights into (and data about) how well organizations are protecting themselves against the growing number of cyber threats and attacks, and the overall effectiveness of their security infrastructure.
The Results: Alerts Were Generated for Only 9% of Attacks
Every organization’s environment is unique, complex and always changing, and in the report we uncovered some interesting results. For instance, we found that while organizations invest large sums in security controls and assume that their business-critical assets are fully protected, the reality is that attackers are successfully infiltrating the majority (53%) of environments without being detected. We found that 26% of attacks successfully infiltrated environments but were detected, and 33% of attacks were prevented by security tools. Alerts were generated for only 9% of attacks, demonstrating that most organizations and their security teams do not have the visibility they need into serious threats, even when they use central SIEM, SOAR and analysis platforms.
The Mandiant Security Effectiveness Report 2020 also takes a deeper look into techniques and tactics used by attackers, as well as the primary challenges most commonly uncovered in enterprise environments through security validation and conducting testing:
- Reconnaissance: In testing network traffic, organizations reported only 4% of reconnaissance activity generated an alert
- Infiltrations & Ransomware: 68% of the time, organizations reported their controls did not prevent or detect the detonation within their environment
- Policy Evasion: 65% of the time, security environments were not able to prevent or detect the approaches being tested
- Malicious File Transfer: 48% of the time, controls in place were not able to prevent or detect the delivery and movement of malicious files
- Command & Control: 97% of the behaviors executed did not have a corresponding alert generated in the SIEM
- Data Exfiltration: Exfiltration techniques and tactics were successful 67% of the time during initial testing
- Lateral Movement: 54% of the techniques and tactics used to execute testing of lateral movement were missed
What Organizations Need to Do Now
There are actions organizations can take to break out of this assumption cycle. They need to continuously monitor and measure security effectiveness, and to do that, they need empiric evidence in order to specifically identify the gaps, how to address them, and improve people, process and technology. Measuring cyber security effectiveness is a continuous process, and doing so successfully requires the right technology tools—such as Mandiant Security Instrumentation Platform, which removes the assumptions so that organizations can validate and optimize their security programs.
Check out the full press announcement now. Interested in learning how to validate controls against current and actual attacks? Check out our blog posts: Addressing the Perception Versus Reality Conundrum and Cyber Risk and Security Effectiveness in the Digital Age.
Register today for webinar, 5 Steps to Security Validation, where Major General Earl Matthews USAF (Ret) discusses how to move beyond assumptions with automated and continuous security controls validation; identify and measure vulnerability gaps; manage and suggest remediation steps by arming security practitioners with meaningful evidence; and validate an organization’s ability to defend itself by using real adversary behaviors.
And of course, download a full copy of the Mandiant Security Effectiveness Report 2020, including a list of the 10 fundamentals for successful cyber security effectiveness validation.