Security teams often have tools deployed that are not used at all, or are used in a way that makes them less useful for security tasks. This often happens when security teams focus on the wrong KPIs, measuring input metrics such as deployment percentages rather than security outcomes, according to Michalis Kamprianis, cybersecurity director of Hexagon Manufacturing Intelligence.
“What is missing is a proper management framework that will evaluate the effect of security programs based on pre-defined criteria for risk reduction and security improvement, instead of measuring pure numbers of things that have no value,” he explains. “For example, many projects start with a plan to cover a percentage of the environment, such as ‘We need to deploy EDR to 99% of the endpoints.’ These goals can be defined, measured, and communicated to the business in an irrefutable way. However, from a security point of view this does not matter.”
EDR is a good example, agrees Duff, who says many security departments stay inefficient by leaving the product in detect-only (‘see-only’) mode. “Almost every EDR vendor comes in virtual mode because they don’t want their users to deploy a solution and have a bad user experience when they’re locked out. So what’s happening is they’re left in detection mode and they’re not actually protecting you. We won’t have that because now you buy a tool for one thing and do something else.”
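The two points above, a deployment KPI that looks good while the product is not actually protecting anything, can be turned into a check that runs against an EDR console or CMDB export. The script below is an added example, not code from the article or from any vendor: the inventory records are constructed, and the field names (`agent_installed`, `sensor_healthy`, `prevention_mode`, `tamper_protection`) and mode labels are assumptions standing in for whatever a given product exposes. It reports the familiar “percentage of endpoints with the agent” next to “percentage of endpoints that would actually block”, and lists why each host falls short.

```python
"""Audit EDR posture: deployment-coverage KPI versus effective-protection KPI.

Added example (not from the article or any EDR vendor). Field names and
prevention-mode strings are assumptions; map them to your product's export.
"""
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample inventory, shaped like a console/CMDB export.
SAMPLE_INVENTORY = [
    {"host": "ws-001",   "agent_installed": True,  "sensor_healthy": True,
     "prevention_mode": "block",       "tamper_protection": True},
    {"host": "ws-002",   "agent_installed": True,  "sensor_healthy": True,
     "prevention_mode": "detect_only", "tamper_protection": True},
    {"host": "ws-003",   "agent_installed": True,  "sensor_healthy": False,
     "prevention_mode": "block",       "tamper_protection": True},
    {"host": "srv-db1",  "agent_installed": True,  "sensor_healthy": True,
     "prevention_mode": "block",       "tamper_protection": False},
    {"host": "srv-web1", "agent_installed": False, "sensor_healthy": False,
     "prevention_mode": None,          "tamper_protection": False},
    {"host": "lt-042",   "agent_installed": True,  "sensor_healthy": True,
     "prevention_mode": "audit",       "tamper_protection": True},
]

# Assumed mode labels: only "block" actually stops the action; the rest are
# the various names vendors give to see-only operation.
BLOCKING_MODES = {"block"}
NON_BLOCKING_MODES = {"detect_only", "audit", "monitor", "passive"}


@dataclass
class PostureReport:
    total: int
    deployed: int        # agent present (the KPI projects usually report)
    protecting: int      # agent present, healthy, blocking, and tamper-protected
    gaps: dict = field(default_factory=dict)  # host -> reason it is not protecting

    @property
    def coverage_pct(self) -> float:
        return round(100 * self.deployed / self.total, 1)

    @property
    def protection_pct(self) -> float:
        return round(100 * self.protecting / self.total, 1)


def protection_gap(rec: dict):
    """Return None if the host is actually protected, else the first blocking reason."""
    if not rec.get("agent_installed"):
        return "agent not installed"
    if not rec.get("sensor_healthy"):
        return "sensor unhealthy or not reporting"
    mode = (rec.get("prevention_mode") or "").lower()
    if mode in NON_BLOCKING_MODES:
        return f"prevention mode is '{mode}' (detect-only)"
    if mode not in BLOCKING_MODES:
        return f"unknown prevention mode '{mode}'"
    if not rec.get("tamper_protection"):
        return "tamper protection off (agent can be disabled locally)"
    return None


def audit(inventory: list) -> PostureReport:
    """Compute both KPIs over an inventory and record every protection gap."""
    report = PostureReport(total=len(inventory), deployed=0, protecting=0)
    for rec in inventory:
        if rec.get("agent_installed"):
            report.deployed += 1
        gap = protection_gap(rec)
        if gap is None:
            report.protecting += 1
        else:
            report.gaps[rec["host"]] = gap
    return report


if __name__ == "__main__":
    r = audit(SAMPLE_INVENTORY)
    print(f"Deployment KPI: {r.coverage_pct}% of {r.total} endpoints have the agent")
    print(f"Protection KPI: {r.protection_pct}% of {r.total} endpoints would actually block")
    for host, why in r.gaps.items():
        print(f"  {host}: {why}")
    print("Gap breakdown:", dict(Counter(r.gaps.values())))
```

On the constructed data the deployment KPI reads 83.3% while the protection KPI is 16.7%, which is the gap the quoted practitioners are describing. The gap breakdown is the useful output for a risk-reduction conversation: hosts stuck in audit or detect-only mode are a policy change, unhealthy sensors are an operations problem, and missing tamper protection means the agent can be turned off by the very thing it is meant to stop.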