On average, enterprise customers have more that 54 separate security solution ranging from best of breed all the way to established security companies. However, the “2015 Cost of Data Breach Study: Global Analysis.” report showed that the average total cost of a data breach for the participating companies increased 23 percent over past two years to $3.79 million.
Furthermore, there were a total of 781 Breaches with a total of 69,068,506 records exposed accroding to ITRC Data Breach Report for 2015. So, after all the layers of Security controls already deployed and new ones being added, there is one question that remians for me. Is defense in depth working ? Is it broken ? Is it still applicaple to the type of targeted, advanced and persistent threats that we have seen cut through these Security Solutions like an knife cuts through butter.
Looks like every time we add another NG security solution, our very well equipped adversaries come up with an NG targeted attack to bypass that new layer. Isn’t time to shift the burned and the added cost to the adversary ?