Machine learning holds great promise for security operations
Over the past two years machine learning has firmly found its place in the cybersecurity industry, and its benefits are indisputable. Through machine learning, we've seen advances built into technology that make tangible improvements to our cybersecurity posture.
Establishing organizational and security operations metrics improves management and reduces company risk
An organization's ability to discover and reduce risk in a more preventative manner rests heavily on having clear cybersecurity and security operations metrics.
Understanding the overall security posture of your enterprise starts with creating a baseline of select organizational and security operations metrics. With baseline numbers established, you can then begin to increase visibility and education, and to improve both technology and processes within your program. Metrics should be gathered from critical assets, with risks and improvements presented to key stakeholders within the organization. These metrics help determine which areas of a program are running smoothly and where additional insight should be applied.
Defining the cybersecurity metrics that matter to your organization
Start by understanding your organization's critical assets. This could include everything from sensitive customer data and company IP to users and devices. I almost always suggest starting with anything compliance-related or having to do with public assets. These are the areas where you should be building metrics first. Ultimately, you're looking to measure your ability to effectively and proactively secure your company's most valuable assets. Ensuring visibility into these areas first is vital to identifying lapses in performance that could compromise security and triggering response to get processes back on track.
After you've identified what needs to be monitored, you need to start collecting information and determining what data points are available. The process for collecting metrics is an important discussion item, since we want to limit manual effort as much as possible. Determining what information to collect and how you'll gather and analyze this data is a crucial step in your metrics journey. You'll also want to gut-check your identified metrics with a risk-based team, if available, to determine prioritization of the remediation efforts when those needs arise.
Baselines set the stage for goal-setting and measuring progress
Baselines are what you'll use to determine the current cybersecurity maturity of your organization overall as well as your SOC. Baselines also help you identify any outliers or blatant concerns that require urgent attention. By creating this foundation and setting standards that reflect what's normal within your organization, you create a basis for setting goals and milestones. Your baselines should also include an understanding of industry standards and your organization's appetite/tolerance for risk. Without these, identifying future goals is destined to be a fruitless exercise.
As an example, let's say you set a goal of having all Windows systems patched within one week of new Microsoft patches being released. To set this as an effective goal, you would need to have already done the following:
Baseline the current state of your patching performance - what is the current time frame for new patches to be applied?
Understand your organization's risk tolerance - how long are unpatched systems acceptable?
Only by understanding these elements can you determine if a one-week patching window is actually a good, reasonable, achievable goal.
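The patching baseline described above can be computed directly from inventory data. The sketch below is an added example, not part of the original article: the host names, dates, and the patch_baseline function are constructed for illustration, and systems that are still unpatched are aged to the reporting date so they are not silently dropped from the numbers.

```python
import math
from datetime import date
from statistics import median

# Constructed sample data: (host, patch release date, install date or None).
RECORDS = [
    ("ws-001", date(2024, 3, 12), date(2024, 3, 14)),
    ("ws-002", date(2024, 3, 12), date(2024, 3, 18)),
    ("ws-003", date(2024, 3, 12), date(2024, 3, 25)),
    ("ws-004", date(2024, 3, 12), date(2024, 3, 19)),
    ("srv-001", date(2024, 3, 12), date(2024, 4, 2)),
    ("srv-002", date(2024, 3, 12), None),  # still unpatched
]
AS_OF = date(2024, 4, 10)  # constructed reporting date


def patch_baseline(records, as_of, goal_days=7):
    """Summarise days-to-patch and compare against a goal window."""
    ages, unpatched, within_goal = [], [], 0
    for host, released, installed in records:
        if installed is None:
            # Open exposure: count the days it has been unpatched so far.
            unpatched.append(host)
            ages.append((as_of - released).days)
            continue
        days = (installed - released).days
        ages.append(days)
        if days <= goal_days:
            within_goal += 1  # only installed patches count as meeting the goal
    ages.sort()
    # Nearest-rank 90th percentile: shows the slow tail that a median hides.
    p90 = ages[max(0, math.ceil(0.9 * len(ages)) - 1)]
    return {
        "systems": len(ages),
        "median_days": median(ages),
        "p90_days": p90,
        "pct_within_goal": round(100 * within_goal / len(ages), 1),
        "unpatched": unpatched,
    }


if __name__ == "__main__":
    for key, value in patch_baseline(RECORDS, AS_OF).items():
        print(f"{key}: {value}")
```

With this sample the median is already above the one-week target and the slowest systems are servers, which is the kind of finding to weigh against risk tolerance before committing to the goal.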
Effectively connect people, process and technology to minimize MTTD and MTTR
There's a reason it's said that what gets measured gets managed. In order to successfully achieve a goal, you have to be able to measure progress. It's the only way to know if you're heading in the right direction.