CyberSecurity SEE

When technical debt impacts the security stack


In the world of cybersecurity, many security teams find themselves with tools that are either underutilized or deployed in a way that doesn’t effectively enhance security operations. This issue stems from a focus on the wrong Key Performance Indicators (KPIs), such as coverage percentage, rather than on actual security outcomes. According to Michalis Kamprianis, director of cybersecurity for Hexagon Manufacturing Intelligence, what is lacking is a proper governance structure that evaluates security programs based on risk reduction and security improvements, rather than meaningless numerical measurements.

Kamprianis explains that many security projects start with the goal of covering a certain percentage of the environment, like deploying Endpoint Detection and Response (EDR) to 99% of endpoints. While this target may be easy to explain, measure, and communicate to the business, it doesn’t necessarily translate to improved security. Simply reaching a numerical target does not guarantee enhanced security posture.

Neil Duff, an expert in the field, points out that EDR is often underutilized by security departments that operate it only in ‘detect only’ mode. Many EDR vendors default to this mode to avoid disrupting the user experience, but this leaves organizations vulnerable because they are not fully protected. Duff emphasizes the importance of utilizing security tools to their full potential to truly enhance security posture.

To address these issues, security teams need to shift their focus from arbitrary numerical targets to meaningful security outcomes. This requires a change in mindset, from simply deploying tools to achieving tangible security improvements. By implementing a governance structure that evaluates security programs based on risk reduction and security advancements, organizations can ensure that their tools are used effectively to enhance overall security posture.

Furthermore, organizations should prioritize proactive security measures over reactive approaches. Instead of waiting for security incidents to occur before taking action, security teams should be leveraging their tools to prevent threats before they materialize. This proactive approach not only improves overall security but also reduces the likelihood of security breaches and data leaks.

Ultimately, it is crucial for security teams to rethink their approach to deploying and utilizing security tools. By focusing on meaningful security outcomes and prioritizing proactive measures, organizations can enhance their security posture and better protect against cyber threats. It is time for security teams to move beyond arbitrary numerical targets and instead focus on tangible security improvements that truly enhance overall security effectiveness.
