Finding, implementing, and supporting cybersecurity tools and services within an organization can be a daunting task for a company of any size. There is no shortage of cybersecurity tools and services available to address just about every area of cybersecurity risk. The tools or services a company leverages can vary widely from one company to another, and many companies tend to select and implement tools or services based on a direct need to solve a problem. These needs may be driven by compliance or in some cases they exist to address cybersecurity risks based on past penetration testing.
This leads to a very challenging set of problems for companies at every level of cybersecurity maturity.
Initial Deployment Gaps
First, these tools and services need to be implemented and configured correctly to achieve the highest level of return on investment. The ability to implement and configure tools and services is generally not an issue for companies in the beginning. Most tool and service providers offer some level of support for companies to get them up and running. However, the challenge is that the initial setup is generally a default deployment model based on some canned criteria. The focus is usually to provide coverage for the key drivers that lead to acquiring the tool or service. More advanced capabilities are usually only considered for future efforts. Even integration between other tools and services is commonly only implemented to a small degree. The ability to validate if a tool or service is fully operational is generally based on the ability to trigger alerts and generate some level of reporting. For many companies this may be the only time the tool or service is tested to validate it’s operating as expected.
Ongoing Support Compounds
Once the initial setup has been completed and the vendor gets the company to sign off that the tool or service is operational, they close out the project on their side. While the vendor has completed what they have committed to do for the company, the tool or service now has operational and maintenance requirements that need to be addressed by the company. This is where the next set of challenges begins to impact the ability of the tool or service to function effectively. All security tools or services will require regular updates from the vendor to keep them current. It’s possible that these updates may only require changes to the configuration of a single tool or service. However, they may also require changes to multiple tools, services, and systems to maintain the expected level of functionality. This need to make changes in multiple places increases the likelihood that some level of misconfiguration will occur.
It’s a very common occurrence to find clients surprised that they were unable to detect our efforts during a planned cybersecurity penetration testing engagement.
Security Perception Is Not Always Reality
Even more of a concern for clients is when they cannot detect trivial attack patterns that they felt were well addressed. It’s one thing to not be able to see a threat that was designed to bypass known security monitoring models. It’s another to feel that you have the risk addressed only to find that the tool or service has been failing to detect threats for some unknown time frame. Today, it’s become common for companies to realize that their ability to detect cybersecurity threats was impaired only after a breach has occurred. These failures are commonly traced back to a lack of operational validation.
Find Out What Works and What Doesn’t
Abricto has developed a client service specifically designed to validate the capabilities of a company’s security tools and services. Our Cybersecurity Capabilities Assessment focuses on the security tools and services in use by an organization, as well as the teams that support those tools and services, to help the company gain the full value of their cybersecurity investments. This service gives your security team hands-on experience seeing real-world threats as they occur in real time. This experience prepares security teams to better understand the threats they face and how the tools and services they own can be leveraged more effectively. Our goal is to help our clients address their cybersecurity risk as a value-added partner. If you’re looking for a security partner, Abricto Security can help you get the most value out of your cybersecurity tools and services. Please reach out to us to start a conversation.