
Security Tools - Measuring Performance in Real-Time Explained

Help Net Security · Reporting by Mirko Zorz
Summary by CyberPings Editorial·AI-assisted·Reviewed by Rohit Rana

Basically, organizations need to check their security all the time, not just every few months.

Quick Summary

Organizations need to rethink how they measure security performance. Tim Nan from digiDations highlights the risks of outdated methods. Continuous validation is essential for effective defense.

What Happened

In today's fast-paced cyber landscape, organizations are realizing that security performance cannot be evaluated just once a quarter. Tim Nan, CEO of digiDations, highlights a critical misconception: more security tools do not necessarily equate to better protection. Adversaries only need one successful entry point to exploit vulnerabilities. This means that relying on periodic assessments can leave organizations exposed to attacks that exploit gaps in their defenses.

The urgency for continuous validation has intensified due to two main factors: the speed of attackers and the volume of vulnerabilities. According to the CrowdStrike 2026 Global Threat Report, the median time for adversaries to move laterally after gaining access has drastically decreased from 98 minutes in 2021 to just 29 minutes in 2025. This rapid evolution in attack methods makes it imperative for organizations to keep pace with their defenses.

Who's Being Targeted

Organizations across various sectors are vulnerable to these evolving threats. As the number of new vulnerabilities continues to rise—over 160 new CVEs projected daily—manual testing methods are becoming inadequate. Relying on periodic testing provides only a snapshot of security performance, which can quickly become outdated as both the threat landscape and organizational environments change.

Nan emphasizes that security leaders must shift their focus from merely asking, "Did we detect this?" to a more proactive approach: "Did we detect and respond quickly enough?" This change in mindset is crucial for ensuring that organizations can effectively thwart real attacks before they cause damage.

The Shift to Continuous Validation

To address these challenges, digiDations has developed the ATLAS platform, which conducts continuous adversary simulations based on the MITRE ATT&CK framework. This platform measures control effectiveness and identifies detection gaps in real time. With a library that encompasses over 24,000 tactics and techniques, ATLAS provides a comprehensive view of an organization's security posture.

The continuous validation process not only tests defenses but also serves as a training ground for Security Operations Center (SOC) teams. By simulating attacks, teams gain valuable experience in recognizing threat patterns and responding effectively. This iterative learning process helps refine response strategies and enhances overall security resilience.

How to Protect Your Security

For organizations still relying on traditional assessment methods, Nan recommends a proactive approach. Implement ongoing, controlled attack simulations to measure how well your security controls and teams perform against real-world scenarios. This shift from reactive to proactive defense allows organizations to build confidence in their security measures.

In a world where attackers are increasingly using AI to enhance their strategies, defenders must also leverage AI for detection and response. The gap between attacker and defender capabilities hinges on which side can adapt more rapidly. Continuous validation that incorporates AI-driven simulations will ensure organizations are prepared for the latest threats.

In conclusion, organizations must stop asking if they think they are secure and start proving their defenses work in real time. By adopting continuous validation practices, they can better protect themselves against evolving cyber threats.

🔒 Pro insight: Continuous validation is crucial as attacker tactics evolve rapidly; organizations must adapt their defenses in real time to mitigate risks effectively.
