Today’s security operations teams face an unrelenting stream of attacks from both outside and inside of their organizations. Security operations teams are dealing with tool sprawl which may inadvertently compromise their security tools’ capabilities, while misconfigurations can result in attacks through capable devices. A security professional can implement temporary rules to authorize short-term contractor access no longer needed or accidentally turn off a setting that may not get noticed.
This report investigates the current thinking of security operations teams and senior management to understand how they validate that their security solutions are working and if they are defending their organizations as expected. In addition, the research sought to understand the value and concerns of running security assessments against production systems.