sb-eu logo
Story image

Security professionals over-confident in security products

Security professionals are over-confident when it comes to effectiveness of their security products, according to a new survey released by Keysight. 

The enterprise test and measurement vendor released its Security Operations Effectiveness survey, which revealed that 50% of respondents reported that their organisation had experienced a security breach because one or more of their security products was not working as expected.

The survey found that just over half (57%) of security professionals were confident their current security solutions are working as intended. Yet only 35% of survey respondents stated that they conduct testing to ensure their security products are configured and operating as they expect. 

To close this gap, 86% of respondents see strong value in security test solutions that can actively test their company’s security products and posture, using both internal and external attack vectors.

Key findings from the ‘Security Operations Effectiveness’ survey include:

  • Organisations are breached often: 75% of respondents said their company had experienced a security breach (unauthorized intrusion, malware, hack etc), and 47% have experienced three or more breaches in the last three years.
  • Good security tools don’t always protect as expected: 50% of survey respondents stated they found a security solution was not working as expected after a breach had occurred.
  • Most organisations don’t verify their security is working correctly: Only 35% of respondents have test-based evidence to prove their security products are configured and working correctly.
  • Less than half of organizations practice breach responses: 49% of respondents stated they actively practice how to remediate and respond to security incidents.
  • Overlapping security product functions waste budgets and time: 66% of companies are using security solutions whose functions overlap, and for 41% of respondents this overlap is unintentional, wasting security budgets and management time without strengthening the organization’s security posture.
  • The value of security testing: 86% of respondents stated they would value a solution that finds and helps to remediate vulnerabilities in a company’s security posture. 79% of those surveyed would remove a security product from their infrastructure if they could prove it wasn’t effective.

“Enterprises are faced with a continuous stream of cyberattacks that threaten their businesses, and in many cases they attempt to deal with these by buying more security tools. Yet they don’t know whether these products are delivering the protection they expect,” says Scott Register, vice president, security solutions at Keysight’s Network Applications & Security Group (formerly Ixia Solutions Group).

“The disconnect is when good security tools are misconfigured or security teams lack the skills to use their tools," he says.

"This situation leads to overspending on overlapping tools and compromises an organisation’s security posture. Ongoing testing of security solutions would give organisations the proof and confidence that they are protected, but also would provide the opportunity to save resources.”

Keysight commissioned Dimensional Research to conduct the survey. A total of 307 participants that strategise, architect, manage and operate enterprise security solutions completed the survey. Participants were from all five continents. They represented large (48%), medium (41%), and small (11%) organisations across a wide variety of industries.

Story image
Australians ignoring cybersecurity policies in favour of productivity
Trend Micro has found that 67% of remote workers have increased their cybersecurity awareness during COVID-19 related lockdowns. However, despite greater awareness people may still engage in risky behaviour, the survey finds.More
Story image
CrowdStrike recognised as leading endpoint security vendor on global scale
IDC's report shows that CrowdStrike demonstrated a 2018-2019 growth rate of 99% and close to doubled its market share, while the market shares of the top three vendors in the corporate endpoint segment declined.More
Story image
Remote working trend bolsters cybersecurity investment - but downturn predicted
A new report from Canalys indicates investment in cybersecurity has increased 9.7% - but worsening economic conditions could turn the statistic around.More
Story image
APAC parents hide internet activity from children more than cyber attackers
A new report from Kaspersky has turned a modern trope - that teens have things to hide in their internet history - on its head, by proving the opposite is also true.More
Story image
Rackspace and Cloudflare join forces for managed edge security
Rackspace and Cloudflare join forces for managed edge security The solution includes a web application firewall, DDoS protection, DNS services and a global content delivery network, backed by 24/7 support.More
Story image
HackerOne launches penetration testing to empower digital transformation
“In today’s agile environments, pentest platforms should seamlessly integrate with every aspect of the software development lifecycle so that findings are quickly pushed to the right developer and vulnerabilities are fixed faster."More