Finding Those Security Gaps
NSS Labs' Brian Soldato on Sizing Up Effectiveness of Security Strategy
Many organizations are uncertain about the overall effectiveness of their security strategy because they are still in the dark about aspects of their risk posture, says Brian Soldato of NSS Labs. Conducting a few pen tests a year is not enough, he stresses.
"A lot of organizations don't understand their entire risk in relation to the threats that are out there today," Soldato says. "They don't understand the things that are in their environment and where the security gaps lie."
As a result, many enterprises are playing a guessing game, according to Soldato, without a clear view into their controls and how they are working.
In an interview at Information Security Media Group's recent Fraud and Breach Summit in New York City, he also discusses:
- The value of ongoing validation of security products and controls in an environment;
- Why an occasional pen test is insufficient;
- Suggestions for quantifying risks for key stakeholders.
Soldato is senior director of product management at NSS Labs. Previously, he led product management teams for various SIEM and behavioral analytics solutions, including Intel Security's SIEM product line.