If there’s one thing that’s been made crystal clear during the Covid-19 pandemic, it’s that a cybersecurity (opens in new tab) program is only as good as the data that makes up its foundations.
Suyesh Karki, Chief Information Security Officer, Domo (opens in new tab).
In an ever-changing cybersecurity landscape, it is critical for organizations to develop and maintain security programs that rely on complete and accurate data (opens in new tab). Such programs not only help security leaders “connect the dots,” but allow them to make good security investment decisions and maintain business continuity. So how exactly does a security organization ensure that its data is complete and accurate? What else does such data enable? And how can a BI platform (opens in new tab) help?
The two types of data
The backbone of a good security program is formed by two types of data. The first type is architectural data, which offers insight into the hardware and software (opens in new tab) assets that make up an organization's IT ecosystem. The structure of architectural data is vital for creating a secure framework and producing cross-platform and interoperable server environments.
The second type is contextual data, such as security logs, security events, heuristic data, behavioral data, and threat intelligence information. If collected and analyzed properly, this type of data becomes the force multiplier in enhancing an organization's ability to successfully implement preventive and detective security measures. Furthermore, it also gives you controlling access on every level.
Without architectural and contextual data, security teams must rely on the lack of adverse events—such as data exfiltration or compromise—to prove their value to the business. This approach leads to a reactive and unsustainable security model, which forces teams to constantly play “catch up” with ever-evolving threats, resulting in a security framework that is unstable and weak. Therefore, strategy planning for any potential security threat is not based on accurate and up to date data.
In today’s world, where many people work remotely using devices or assets that are not always owned or managed by their organization, a reactive approach to security is not scalable, either. With the abundant unknown connections, these devices are susceptible to various security threats. Therefore, it is important that the new threat models redefine the concept of “asset inventory,” and use contextual information to help organizations make appropriate security decisions and continually develop their security processes and frameworks to stay ahead of the threats.
What the right data does for decisions—and what data-driven decisions do for security leaders
When security leaders make decisions based on complete and accurate architectural and contextual data, they can align security activities with the business’ goals, focus on the root cause of a problem rather than the symptoms, and assign the right resources to high-priority issues.
Take, for example, mean time to detect (MTTD) and mean time to remediate (MTTR)—two of the key performance indicators (KPIs) in incident management. If data on those indicators is tracked, then security leaders can perceive how well their threat detection and response programs are functioning. In turn, they can make informed and precise decisions around those programs, especially what areas need improvement. And if contextual data is applied, then determining when existing resources are at capacity, or when the volume of detected incidents might require additional resources, becomes so much easier.
This leads to a more efficient response to critical security events, which in turn protects the business (opens in new tab) and aids its growth. It also enables security leaders to gain the trust of executives. Again, the idea of cross-platforms and interoperable server environments within various aspects of organizations is easily facilitated with the right data implemented.
Establishing a data-driven security program
When it comes to establishing a data-driven security program, one of the most important aspects is designing the process of data collection. It is crucial to understand what data to collect and how to process that data. Understanding these processes enables security teams to make meticulous decisions based on certain situations.
Another important factor is that the data collection process also needs to be repeatable. The data collected must illustrate the performance of the security program and identify faults that require additional investments. A great set of data provides true security performance measurements and helps to answer critical strategy questions, such as:
- Are the existing security policies adequate to address the risks to the business?
- What relevant actions need to be taken to improve the security services designed to reduce the risks to revenue, operations, regulatory requirements, or reputation?
- What does the organization need to invest in to reduce its susceptibility to or the frequency of major security incidents?
Using modern BI platforms can help security organizations establish a repeatable and vetted process of data collection. The right framework for each organization is built and security leaders are prepared for any risks that the business may face. What’s even better is that with the advanced capabilities behind BI platforms, such as data science and machine learning, the foundation of a security program can be quickly built, provided to the right stakeholders, and drive intelligent automation.