A new survey of security executives at large companies in the US reveals that many don't have confidence in their enterprise security posture.
Less than a third of these executives are confident in their organisation's security position, and only slightly more than a quarter feel that their communications on security to senior management are effective.
The survey commissioned by Raytheon|Websense shows that many still rely on technology aimed at preventing breaches but do little after one has occurred. Yet 9 out of 10 of the organisations represented in the survey have had at least one breach involving a loss or compromise of data in the past year.
Despite this only a third of the executives surveyed employ qualitative techniques, such as dwell time, that help them understand the state of their network post-breach. 57 per cent measure their security position simply by counting the number of breaches.
"With security spending continuing to skyrocket, it is more important than ever to be able to report on metrics that matter, not just quantitative metrics like counting breaches. When breaches are constant, and inevitable, we need a better way," says Ed Hammersla, president of Raytheon|Websense. "We know threats are going to get in. If we want to be more confident, we need to shift our thinking to metrics such as dwell time, or reducing the time a threat is in our network, which reduces damage and helps strengthen our overall security posture".
When asked about metrics used to communicate their security posture, only 28 per cent of executives surveyed felt the ones they used were 'Completely Effective'. 65 per cent felt the metrics were only 'Somewhat Effective'. Only 33 per cent of those surveyed use dwell time (the elapsed time from initial breach to containment) alongside the other more established measurements such as Cost of Incidents (39 per cent) and Reduction in Vulnerabilities (39 per cent).
Intruders can do more damage to a business the longer they have to poke around and move within the network. The lesson from this research is that if an organisation can limit the length of time a threat exists, the damage will be minimised. Enterprises therefore need to employ different detection, analysis, and ejection techniques to stay secure.
More information on the report is available on the Raytheon|Websense site.