IT disaster recovery, cloud computing and information security news

Ineffective security products contribute to many breaches finds study

Details
Published: Thursday, 13 February 2020 09:31

Keysight has released the results from its Security Operations Effectiveness survey, where 50 percent of respondents reported that their organization had experienced a security breach because one or more of their security products was not working as expected.

The survey found that just over half (57 percent) of security professionals were confident their current security solutions are working as intended. Yet only 35 percent of survey respondents stated that they conduct testing to ensure their security products are configured and operating as they expect. To close this gap, 86 percent of respondents see strong value in security test solutions that can actively test their company’s security products and posture, using both internal and external attack vectors.

Key findings from the ‘Security Operations Effectiveness’ survey include:

  • Organizations are breached often: 75 percent of respondents said their company had experienced a security breach (unauthorized intrusion, malware, hack etc), and 47 percent have experienced three or more breaches in the last three years;
  • Good security tools don’t always protect as expected: 50 percent of survey respondents stated they found a security solution was not working as expected after a breach had occurred;
  • Most organizations don’t verify their security is working correctly: Only 35 percent of respondents have test-based evidence to prove their security products are configured and working correctly;
  • Less than half of organizations practice breach responses: 49 percent of respondents stated they actively practice how to remediate and respond to security incidents;
  • Overlapping security product functions waste budgets and time: 66 percent of companies are using security solutions whose functions overlap, and for 41 percent of respondents this overlap is unintentional, wasting security budgets and management time without strengthening the organization’s security posture;
  • The value of security testing: 86 percent of respondents stated they would value a solution that finds and helps to remediate vulnerabilities in a company’s security posture. 79 percent of those surveyed would remove a security product from their infrastructure if they could prove it wasn’t effective;

Keysight commissioned Dimensional Research to conduct the survey. A total of 307 participants that strategize, architect, manage and operate enterprise security solutions completed the survey. Participants were from all five continents. They represented large (48 percent), medium (41 percent), and small (11 percent) organizations across a wide variety of industries.

More details (PDF).



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

Root Cause Analysis
The Impact Tolerance Guide

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.