Infosec Keynote 2024

Client one experienced 364 security detections in 12 months, while client two had only 29 detections. That’s a staggering 1200% difference.

After extensive investigation, we discovered the primary difference: client one gave users local admin rights and didn’t enforce separation of duties for administrators. Meanwhile, client two removed local admin access and maintained strict separation between privileged and day-to-day activities.

Building a Military-Grade Cyber Range

This revelation led us to build comprehensive cyber ranges to test what we’ve all been told about security best practices:

• Multiple Zero Trust environments
• Commercial, FedRAMP IL2, and IL4/IL5 military-grade stacks
• 50-100 Windows devices with varied patch levels
• Real-world threat simulations

Our ONE Platform emerged from this testing—bundling Gartner-leading security tools into an integrated solution that delivers measurable performance improvements.

The Dynamic Nature of Security

Nothing in cybersecurity is static:

• Threats evolve
• Security vendors update their products
• Configuration changes can dramatically impact performance

Looking at four random clients, we found EDR performance varied wildly from month to month—one client’s EDR solution dropped from 78% effectiveness to 47% in just 30 days.

This highlights a critical truth: you can’t implement security once and expect consistent protection. It requires continuous validation and adjustment—exactly what our managed IT services deliver.

EDR Performance Testing: The Surprising Results

We tested multiple leading EDR solutions using default/best practice configurations—the same way most organizations implement them. The results revealed:

1. Most EDRs block ~90% of established threats, but performance against newer threats drops to ~55%
2. Blocking threats doesn’t always mean blocking attack objectives—some EDRs allowed threats to persist or move laterally despite detection
3. Basic endpoint hardening improved most EDRs by 5-10%—a minimal investment compared to licensing costs
4. For some EDRs, hardening actually decreased performance—what works for one solution can harm another

These findings underscore that there’s no one-size-fits-all approach to security. Your organization’s unique architecture, applications, and access patterns determine which security controls matter most.

Beyond EDR: Building Defense in Depth

EDR is just one piece of your security puzzle. Our CMMC compliance services focus on how you can build multiple layers of protection:

1. Implement basic hardening standards—they can boost EDR performance by nearly 10%
2. Eliminate local admin rights—our data shows this single change can reduce security incidents by 1200%
3. Enforce separation of duties for administrators
4. Integrate security tools to work together—each small improvement adds up to substantial protection
5. Continuously validate your security stack against real-world threats

As Chad emphasized in his keynote: “While all vulnerabilities are vulnerabilities, not all vulnerabilities are exploitable inside your organization.” Understanding which threats pose actual risk requires specialized expertise and continuous testing.

The Path Forward: Objective Security Measurement

The key takeaway: you need to objectively measure your security stack’s performance against real-world threats specific to your environment. What works for others may not work for you.

Our Zero Trust architecture approach has proven effective across over 1,000 deployments in the past three years. We’ve built our methodology on data, not opinions—enabling organizations to achieve measurable security improvements regardless of their starting point.

Ready to see how your security stack actually performs against today’s threats? Schedule your free security stack assessment →