
Pragmatic Security Runs on Data

Out of the many important security lessons learned during the past two years of the pandemic, a key takeaway for me has been that a cybersecurity program is only as good as the data that make up its foundations. With the ever-changing cybersecurity landscape, it is critical for organizations to develop and maintain a cybersecurity program that relies on complete and accurate data to connect the dots and help drive decisions about security investments that meaningfully reduce business risk.


Speaking of good data, a couple of key categories of data should form the backbone of any cybersecurity program. The first category is the formational or architectural data. This is the data that provides information about the assets that make up an organization’s IT ecosystem: the hardware and software assets currently running within the organization’s IT environment, their configurations, their ownership, and their connections, relationships, and interdependencies. The second category, which is crucial in enhancing any organization’s cybersecurity program, is the contextual data. This includes security logs, security events, heuristic data, behavioral data, and threat intelligence information. If accurately and efficiently collected and analyzed, these data become a force multiplier for an organization’s ability to successfully implement preventive and detective security measures.


Historically, cybersecurity programs across many organizations have struggled to effectively communicate the value they bring to the business because they lack access to and analysis of valuable architectural and contextual data. Absent this information, cybersecurity teams have had to rely on the lack of adverse events such as data exfiltration or compromise to prove their value to the business. This approach leads to a very reactive security model in which teams are always playing catch-up with ever-evolving threats, resulting in a security posture that is unsustainable. In today’s world, where most of the workforce works remotely using devices or assets that are not always owned or managed by the organization, a reactive and anecdotal approach to security is not scalable. Therefore, it is very important that new threat models redefine the concept of “asset inventory” and couple it with contextual information to help organizations make appropriate security decisions.


Good architectural data backed up by contextual data help cybersecurity teams accomplish the dynamic shift of focus that is very much needed to develop a pragmatic and modern cybersecurity program. Data-fueled decisions help security leaders gain credibility and trust among business executives and better align security with the rest of the business to attain key business objectives such as revenue growth, operational excellence, and maintaining the reputation of the organization. When the communication between security and business is backed by good data, it contributes towards unlocking effective partnerships and allows cybersecurity teams to focus on treating the root cause rather than simply treating the symptoms.


Another significant benefit of a data-driven approach to cybersecurity is that organizations can effectively assign the right resources to solve the high-priority problems. With security resources being as scarce as they are today, understanding where to deploy those valuable resources to solve the problems with the greatest impact becomes a competitive advantage for the business. For example, tracking data about the organization’s mean time to detect (MTTD) and mean time to remediate (MTTR) provides valuable insights about how well the incident detection and response program is functioning. The use of this data is further magnified when you apply the contextual information to derive leading indicators showing when existing resources are at capacity or when the volume of detected incidents signals the need for additional resources. This will lead to a more efficient response to critical security events, which in turn will protect the business and aid in its growth.
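As an added illustration (not from the original article), the sketch below computes MTTD and MTTR from incident records and derives a simple leading indicator: weeks in which the open-incident backlog has grown for consecutive weeks. The record layout, the sample incidents, measuring MTTR from detection, and the two-week streak threshold are all assumptions.

```python
from datetime import datetime
from statistics import mean

FMT = "%Y-%m-%d %H:%M"
# Constructed incident records: (occurred, detected, remediated); None = still open.
INCIDENTS = [
    ("2024-03-04 04:00", "2024-03-04 10:00", "2024-03-04 18:00"),
    ("2024-03-06 09:00", "2024-03-06 15:00", "2024-03-07 15:00"),
    ("2024-03-11 07:00", "2024-03-11 11:00", "2024-03-13 11:00"),
    ("2024-03-12 12:00", "2024-03-12 20:00", "2024-03-20 08:00"),
    ("2024-03-14 10:00", "2024-03-15 10:00", None),
    ("2024-03-18 06:00", "2024-03-18 18:00", None),
    ("2024-03-19 13:00", "2024-03-20 13:00", None),
]

def _ts(s):
    return datetime.strptime(s, FMT) if s else None

def _hours(a, b):
    return (b - a).total_seconds() / 3600

def mttd_hours(incidents):
    """Mean time to detect: occurrence -> detection, over all incidents."""
    return mean(_hours(_ts(o), _ts(d)) for o, d, _ in incidents)

def mttr_hours(incidents):
    """Mean time to remediate (assumed: detection -> remediation), closed incidents only."""
    return mean(_hours(_ts(d), _ts(r)) for _, d, r in incidents if r)

def weekly_backlog(incidents):
    """Per ISO week: (week, detected, remediated, open backlog at end of week)."""
    weeks = {}
    for _, d, r in incidents:
        weeks.setdefault(_ts(d).isocalendar()[:2], [0, 0])[0] += 1
        if r:
            weeks.setdefault(_ts(r).isocalendar()[:2], [0, 0])[1] += 1
    backlog, rows = 0, []
    for week in sorted(weeks):
        detected, remediated = weeks[week]
        backlog += detected - remediated
        rows.append((week, detected, remediated, backlog))
    return rows

def capacity_warnings(rows, streak=2):
    """Leading indicator: weeks where the backlog has grown `streak` weeks in a row."""
    flagged, run, prev = [], 0, 0
    for week, _, _, backlog in rows:
        run = run + 1 if backlog > prev else 0
        if run >= streak:
            flagged.append(week)
        prev = backlog
    return flagged
```

Note that MTTR only covers closed incidents, so a growing backlog can hide behind a stable MTTR; that is why the backlog trend is tracked separately.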


When it comes to establishing a data-driven cybersecurity program, one of the most important aspects is designing the process of data collection. Excessive data collection in the spirit of implementing a data-driven cybersecurity program is a common pitfall that organizations must avoid. A good security program of any size will generate a significant amount of data.

It is crucial to understand what data to collect and how to process it so that management is equipped to make informed decisions. The data collection process needs to be repeatable, and the data collected must be able to describe the performance of the security program and identify deficiencies that require additional investments. A great set of data provides true security performance measurements and helps to answer critical strategy questions such as:

· Are the existing security policies adequate to address the risks to the business?

· What relevant actions need to be taken to improve the security services to reduce the risks to revenue, operations, regulatory requirements, or reputation?

· What does the organization need to invest in to reduce the susceptibility to or frequency of major security incidents?


Using solutions to establish a repeatable and vetted process to collect data from various sources, and using that collected data to derive additional context, is of tremendous value to organizations of any size in their journey of developing a data-driven cybersecurity program. Having the data available is not enough on its own; teams need to implement meaningful actions based on it. And as I have described throughout this article, foundational data coupled with contextualized data is really what will determine whether a cybersecurity program is effective and effectively aligned with the business priorities in today’s rapidly evolving cybersecurity landscape.
