Organizations are investing a significant amount of time and resources building, implementing, improving, and measuring security controls. This investment is expected to continue to increase sharply over the next few years. Gartner estimated that the spend on information security globally rose well above $80 billion by the end of 2016, but many professionals feel that the technology sprawl is hampering their efficiency more than it is helping them.
The Center for Internet Security (CIS) maintains a list of 20 Critical Security Controls illustrating the basics that an organization should have in place to defend its assets against cyber attacks, but professionals in the industry are often overwhelmed by the volume of point solutions that have entered the market. While each solution solves a specific part of a security problem, they also add complexity and potentially contribute to the brittleness of the corporate defenses.
The real questions then become:
Learn more about how you can answer these questions for yourself by reading AttackIQ's latest free whitepaper - Security in the Age of Constant Change: A Case for Continuous Security Validation.