Continuous Security Validation Is Critical for the Evolution of a Developed Security Program — but How Is It Most Effective?

FireEye.News

For years we have seen a disturbing phenomenon that continues to put enterprises to the test—no matter how much money organizations spend on bolstering cyber security defenses, attackers keep finding ways to break through with new strategies and tactics, often faster than teams can adapt. With companies around the globe facing economic uncertainties, there has never been a more urgent time to ensure—with evidence—that the investments being made are the right ones. Every enterprise needs continuous validation that security controls are performing as they should to protect an organization’s brand reputation and financial position.

Put simply, the traditional model of ‘invest heavily and assume security is working’ no longer works—if it ever did. As companies across all industries face the need for spending cuts without impacting risk, they must validate that their environment is healthy and working as expected across people, processes and technology. But where do they start and how do they know what to prioritize? To validate security effectiveness properly, it must be performed on an automated, continual basis, and it must be based on real attack behaviors, not simulations. And, the ability to integrate and operationalize relevant threat intelligence is a game changer.

Mandiant Security Validation Experts Guide the Way With Stories From the Field

Mandiant Security Validation (formerly Verodin) provides evidence-based, reliable security validation with its award-winning Mandiant Security Instrumentation Platform. The technology—coupled with Mandiant’s team of security professionals who have been working on the front lines of cyber defense for years—provides customers with unparalleled guidance to outmaneuver attackers and prioritize the right investments.

Our experts will be leading numerous informative and insightful, and practical, sessions covering many aspects of security validation at the upcoming FireEye Virtual Summit, June 9 to June 11. Here is a rundown of those sessions:

Title: Proactive Security Operations: How MITRE ATT&CK and Intelligence-Led Validation Prove Effectiveness
Speakers: Josh Zelonis, Principal Analyst, Forrester and Chris Key, Sr. VP Mandiant Security Validation
Date/Time: Tuesday, June 9 | 9:00 AM PT/12:00 PM ET
Registration: Register today to hear from Josh and Chris

Today’s economic pressures combined with the evolving threat landscape make it critically urgent that companies validate and prove effectiveness across various operational functions, not least of which is cyber security. Rather than focus on a reactionary detection and response approach, companies need to be more proactive to strengthen security operations. This webinar will highlight the:

  • MITRE ATT&CK knowledge base and how it can be used to help test your security posture and prove effectiveness
  • Importance of relevant threat intelligence for your organization and how its application can help pinpoint failure points
  • Impact of environmental drift on your security posture and how to plan for it
  • Evidence continuous validation delivers to prove effectiveness, reduce costs and optimize your security infrastructure

Title: Validate Security Performance to Rationalize Investments
Speakers: General Earl Matthews, Vice President of Strategy, Mandiant Security Validation
Date/Time: Thursday, June 11 | 1:00 PM PT/4:00 PM ET
Registration: Register today to hear from Earl

Security assumptions do not equal security effectiveness. With increasing pressure on boards of directors and CEOs to provide evidence that business assets are protected from the fallout of a potential breach, the need to justify security investments is now a key performance metric. Only through security validation and continual measurement of security effectiveness across technology, people and processes can you rationalize cyber security investments and prove value to the C-suite. This webinar will cover:

  • Best practices for investment prioritization when it comes to hiring, training and security solution procurement
  • How security validation testing can identify areas of overlap in capabilities, inefficiencies in product expectations, and gaps in overall security posture, and help you optimize performance and value
  • Steps to take to strengthen your security posture and minimize cyber risk in order to protect your brand reputation and economic value

Title: Leveraging Security Validation to Operationalize Threat Intelligence
Speakers: Henry Peltokangas, Director of Product, Mandiant Security Validation and Jeffrey Berg, Senior Director​, Mandiant Threat Intelligence
Date/Time: Wednesday, June 10 | 1:00 PM PT/4:00 PM ET
Registration: Register today to hear from Henry and Jeffrey

When optimizing security defenses, organizations need to know as much as possible about today’s attacks and threat actors to protect critical systems, data and users against likely attack scenarios. Cyber threat intelligence can give organizations rich context on the threat landscape to bolster security effectiveness testing that can identify gaps in security controls before incidents occur. This webinar will cover:

  • The value of cyber threat intelligence to proactively identify the latest and most sophisticated threats and support strategic decisions
  • The importance of automatic and routine controls testing against the latest attack behaviors
  • How security effectiveness validation and cyber threat intelligence can help rationalize security investments, align business and security programs and best equip security teams to defend against adversaries

Title: Intelligence-Driven Security Validation: Why Cyber Security Needs Validation
Speakers: Shashwath Hegde, Solutions Architect, APAC
Date/Time: Monday, June 8 | 7:00 PM PT/10:00 PM ET
Registration: Register today to hear from Shashwath

A recent SANS study showed that while organizations used threat intelligence to hypothesize where attackers may be found, they lacked the investigative skills to conduct searches. Security validation helps organizations validate and consolidate their existing security investments before throwing more tools at the problem. And by integrating and operationalizing threat intelligence, organizations can develop an effective, highly scalable security posture.

The FireEye Virtual Summit is fast approaching. Head over to our site to check out related sessions on security validation and other topics, and register today.

This post was first first published on

FireEye Stories

‘s website by Earl Matthews. You can view it by clicking here