4 Ways to Improve Security Effectiveness through Instrumentation

FireEye

By Brian Contos, CISO, Verodin^®, now part of FireEye

Cyber risk is now a top concern for C-level executives given the huge financial liability companies face when a breach occurs. Even with the potential for catastrophic losses, companies do not measure cyber security like every other business function – mainly due to a lack of understanding of how to make such calculations. At the same time, millions of dollars are being invested by enterprises in security solutions, yet the number of breaches keeps increasing.

In the FireEye M-Trends 2019 report, research shows that "attacks by many known adversaries continue to succeed with the same or very similar TTPs as before, illustrating that targeted attackers continue to succeed in their missions and many known threat are left unaddressed. This is also evident by the high percentage of cyber attack victim organizations being retargeted."

Beyond safeguarding a company's assets, cyber risk is now about corporate brand and reputational risk, operational risk, and financial risk. Gartner recently reported that CEOs are increasingly being blamed and fired as a result of cybersecurity-related events, more so than IT executives. The research states that CIOs concerned with IT risk need to help CEOs better understand security effectiveness and risk, and achieve greater defensibility with key stakeholders. And, that means being able to translate cybersecurity effectiveness into business speak.

But, continuing to throw more dollars at more security solutions, without a baseline understanding of what's working and what's not, will not give companies more protection. So, what will help CIOs to more confidently identify and address these gaps? And how they can better arm the C-suite with evidence-based data about security effectiveness so it can be measured like any other business function? The answer lies in instrumentation. Here's why.

1. Validate the security stack
   Today, with much more at stake, security teams need to manage increasing complexity in the environment while they figure out how to report on and provide guidance to the rest of the business like sales, marketing, HR and finance – based on quantitative measurements, not assumption-based metrics. Instrumentation enables them to answer important questions like:
   1. Are we getting the most value from our tools?
   2. Are my processes effective and do they trigger the right behaviors if alerted - or not?
   3. Is what I'm doing providing real value for the dollars we spent?
2. Conduct and automate the right tests
   Audits and pen tests serve a purpose but they stop short of enabling security teams to pinpoint vulnerabilities, fix them, and validate that the fix is successful over the long-term. Instrumentation is a way to automate the entire process on an ongoing basis – measuring security effectiveness across prevention, detection, and response, as well as managing and improving security effectiveness through prescriptive results. Once systems are optimized and operating as intended, you can automatically monitor for environmental drift to ensure that what's working stays working.
3. Optimize and rationalize the security stack
   When evaluating new security tools, do you know if you're considering solutions that enable the business? We only create processes, build apps, or hire people if they result in a business benefit, but we haven't held security to the same standard because there weren't the right tools to measure it. With instrumentation, we now have solutions that determine how security components enable and improve operations.
4. Report actionable insights to executives

Today's security teams are being held to a much higher standard, and are being called to the carpet by the audit committee, the C-suite and the Board. Key stakeholders want assurance that the security controls that are in place are doing what they're supposed to. Instrumentation platforms provide evidence-based, actionable reporting to give executives peace of mind that the security infrastructure is being continually monitored and optimized to fully protect the brand, operations, and financial position.

Cyber attacks and breaches are inevitable. Measuring, monitoring and improving your security systems before an attack takes place is entirely possible with today's instrumentation tools, while giving companies maximum value out of their security investments. Demonstrating defensibility against potential threats through instrumentation is good for security and good for the business.