Security Tool Efficacy
Effectiveness of security tools in detecting and blocking threats
Current Value
76%
+8% from previous period
Industry average: 68%
Calculation Method
(Number of threats detected or blocked by tools / Total number of threats identified) × 100
Significance
This KPI measures how effectively your security tools are performing in identifying and mitigating threats, helping to optimize your security technology investments.
What is Security Tool Efficacy?
Security Tool Efficacy measures how effectively your security tools (EDR, NDR, SIEM, WAF, etc.) are performing in detecting and mitigating security threats. It evaluates whether these tools are providing adequate coverage and value for the investment made in them.
How it's calculated
This KPI is calculated as the percentage of actual threats that were successfully detected or blocked by security tools:
(Number of threats detected or blocked by tools / Total number of threats identified) × 100
The "total number of threats identified" includes threats detected by tools, manual discovery, post-incident analysis, threat hunting, and external notifications.
Note: This metric can be calculated separately for different tool categories (endpoint, network, email, etc.) or as an aggregate score across all security technologies.
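As an added example (not part of the original dashboard), the following sketch computes the KPI per tool category and in aggregate from a list of threat records. The record layout, the discovery-source labels, and the sample data are all constructed for illustration. A threat that appears in more than one record is counted once, and it counts as detected if any of its records came from a tool.

```python
from collections import defaultdict

# Discovery-source labels are assumptions for this example. Tool sources feed
# the numerator; every source feeds the denominator ("total threats identified").
TOOL_SOURCES = {"tool_detected", "tool_blocked"}
ALL_SOURCES = TOOL_SOURCES | {"manual", "post_incident", "threat_hunt", "external"}

# Constructed sample records: (threat_id, tool_category, discovery_source)
SAMPLE = [
    ("T-001", "endpoint", "tool_blocked"),
    ("T-002", "endpoint", "tool_detected"),
    ("T-003", "endpoint", "external"),
    ("T-003", "endpoint", "tool_detected"),  # same threat, reported twice
    ("T-004", "endpoint", "tool_detected"),
    ("T-005", "endpoint", "threat_hunt"),
    ("T-006", "network", "tool_detected"),
    ("T-007", "network", "post_incident"),
    ("T-008", "network", "tool_blocked"),
    ("T-009", "network", "manual"),
    ("T-010", "email", "tool_blocked"),
    ("T-011", "email", "tool_blocked"),
    ("T-012", "email", "external"),
]

def efficacy(records):
    """Return {category: percent} plus an 'aggregate' entry (None if no data)."""
    threats = {}  # threat_id -> (category, source), one entry per unique threat
    for tid, cat, src in records:
        if src not in ALL_SOURCES:
            raise ValueError(f"unknown discovery source: {src!r}")
        prev = threats.get(tid)
        # Keep the first record, unless a later one shows a tool caught it.
        if prev is None or (src in TOOL_SOURCES and prev[1] not in TOOL_SOURCES):
            threats[tid] = (cat, src)
    if not threats:
        return {"aggregate": None}  # no identified threats: KPI is undefined
    hits, totals = defaultdict(int), defaultdict(int)
    for cat, src in threats.values():
        for key in (cat, "aggregate"):
            totals[key] += 1
            hits[key] += src in TOOL_SOURCES
    # (threats detected or blocked by tools / total threats identified) x 100
    return {key: round(100 * hits[key] / totals[key], 1) for key in totals}

if __name__ == "__main__":
    for name, pct in efficacy(SAMPLE).items():
        print(f"{name}: {pct}%")
```

Without the de-duplication step, T-003 would be counted twice in the denominator and the endpoint score would be understated.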
Why it matters
Investment optimization: Helps identify underperforming tools that may need reconfiguration, additional tuning, or replacement.
Coverage gaps: Highlights areas where security coverage may be inadequate or where tools may be missing important threats.
Detection capabilities: Provides insights into how well your security stack is performing across the different stages of an attack.
Performance trends
Security tool efficacy has improved by 8% over the past year, primarily due to better configuration of SIEM correlation rules and the deployment of a new EDR solution. The most significant improvement is in endpoint threat detection, which increased from 65% to 82% efficacy.