
Every CISO: “Tell Me What’s Working and What’s Not.” by Brian Contos

Wouldn’t it be great to simply “know” what’s working and what’s not across your people, processes, and technology?

If you’re a CISO or security executive by another title, you know better than most that you often don’t know the state of your security effectiveness, and because of this you are forced to operate tactically. What’s needed is a foundational perspective, a bedrock, on the current state of your security effectiveness across people, process, and technology, one that ultimately alleviates headaches and allows you to approach security more strategically.

It’s often critical for CISOs like you to earn your stripes in the eyes of your stakeholders. Security instrumentation solutions will help you illustrate what your team does for the organization. Security instrumentation metrics will allow your stakeholders to understand the value of the security organization from a business perspective and thus recognize it like other, measurable, critical business units.

Instrumentation has long been a mechanism to provide visibility. Think about driving your car or operating a nuclear power plant – gauges matter. Instrumentation has been a foundational part of IT for decades, especially in areas like networking. However, “security instrumentation” like that offered by Verodin is a relatively new concept.

But while the concept of security instrumentation may be somewhat new, it is quickly becoming foundational for those tasked with offensive security, defensive security and especially those like you with the awesome and terrible responsibility of security leadership.

Security instrumentation by Verodin is all about understanding and measuring the state of your security at a point in time as well as using automation to perform continuous analysis to generate longer-term trends. Effective security instrumentation focuses on not only your technology but also your people and processes. More importantly, it is foundational, meaning that it is something that should be brought into your organization early in your security decision-making process. 

Security instrumentation by Verodin can assist security executives like you by helping you understand what you’ve got that’s working and what needs to be tuned versus what needs to be replaced, and by aiding in the evaluation of alternatives. You might not need to buy another buzzword; you might just need to figure out a better way to get value from what you’ve got.

While continuous assessment is a major part of the value proposition of security instrumentation solutions, let’s just consider the case of you, as a security executive, just trying to assess where your security effectiveness is from a snapshot perspective so that you can make more informed, strategic security decisions.

Verodin allows you to safely execute real attacks in your production environment and see how well your network and endpoint security controls perform, your security teams respond and your security processes deliver. Think about how security instrumentation can address the following questions to help you remove assumptions and create a “baseline of knowing” that’s so important in your new security leadership role.

Analyzing the efficacy of your security technologies

Which incident prevention security controls on my network and endpoint are preventing and reporting on malicious activity, and has defensive regression broken anything? Which incident detection security controls on my network and endpoint are detecting and reporting on malicious activity, and is my intelligence integration inadequate? Which security control management consoles, SIEMs and log management solutions are collecting logs and alerts? Here is a painful one that can really suck – of the logs and alerts being collected, which ones are being triggered as a correlated rule, notable event, etc.? Of those rules and events, which ones are making it to your security team for review and response?

Evaluating your security team

Does my security team have access to the right technology? Do they know our technology, and are they well practiced (a security team that doesn’t practice incident response is like a football team that doesn’t practice football – it doesn’t end well)? Is my security team receiving the right incident information in the right amount of time? Do I have enough of the right people on my team? When my technology and team are operating efficiently, do we have operationally effective processes to follow, or are we like the poor folks from PwC at the 89th Academy Awards trying to figure out what to do when everything goes wrong?

Assessing your security processes

Are my incident response processes working in the face of real attacks being safely executed against my production network security controls and my endpoint security controls by a security instrumentation solution like Verodin? Do we have the right people and the right number of people involved in the processes? Can we measure whether our incident response effectiveness is trending up or down over time? Can we highlight positives and negatives related to changes in security controls? Can the totality of what’s been measured across people, process and technology be shared with my stakeholders, such as the executive team and board?

Security instrumentation solutions allow visibility into what’s working and what’s not across your people, process, and technology. As outlined, this can be done at a point in time but adds even more value when applied through automated and continuous evaluations that safely execute real attacks within your production environment.

The reporting and metrics that are made available with Verodin’s security instrumentation solution are valuable to business decision makers at an executive and board level. This information will highlight trends in your security effectiveness, identify the capital expenditures and operational expenses that are resulting in value, prioritize other investments that should be made and quantify the business risk if those investments are not made.

Welcome to security at a strategic level.

About Verodin

Verodin safely instruments security on your enterprise network, dynamically assessing the cumulative effectiveness of your entire security portfolio. With Verodin, you can observe and adjust real responses to real attack traffic without ever putting production systems in danger. Verodin lets organizations see how security controls will respond to attacks in advance, so defenses continually improve and measurably mature over time. Verodin quickly finds weak spots, eliminates costly uncertainties and builds stronger, smarter and more valuable security teams. Verodin dramatically improves the return on your security investments and gives you the empirical data you need to make better decisions down the road.

Learn more at verodin.com.


*** This is a Security Bloggers Network syndicated blog from Verodin Blog authored by Verodin Blog. Read the original post at: https://www.verodin.com/post/every-ciso-tell-me-whats-working-and-whats-not