Stephen Roostan at Kenna Security explains how high-quality data, used well, can illuminate security decisions.
When it comes to data-driven decision-making, the challenge doesn’t usually lie in convincing others of its value, but in establishing the right technological and organisational capabilities to implement these types of decisions effectively.
Too often, business leaders think that simply throwing more data at their teams will result in better decisions. But the key problem with this approach for most security practitioners is that they are not data scientists - nor should they be expected to be.
The success of a data-driven approach to any business decision-making is reliant upon the quality of the data gathered, the timely manner in which it is aggregated and the effectiveness of its analysis and interpretation. Together, these capabilities can be a game changer for cybersecurity teams, allowing them to focus on identifying and remediating the biggest and most pressing areas of risk to their individual organisation. Be in no doubt: cybersecurity is a data problem.
The scale of the problem
Security organisations have masses of sensor and scanner data at their disposal. But, until recently, they were forced to manually correlate, analyse and interpret this data - a difficult feat under any circumstances, made nearly impossible by the growing levels of vulnerability data and complexity within the typical enterprise IT environment.
It’s not uncommon for analysts to spend huge amounts of valuable time creating Excel-based reports that no one reads, while vulnerability remediation teams face piles of reports with no idea where to begin their efforts. One of the most dangerous consequences is that executive teams lack a quantitative understanding of their organisation’s risk profile, with potentially disastrous results.
Information needs to be valuable and actionable
In practice, correlating volumes of scanner data and analysing it in the context of the organisation’s environment is nearly impossible without the application of modern technology.
The solution lies in harnessing advances in machine learning and automation to take the human effort out of routine data analysis. Instead, teams should be presented with meaningful, actionable insights, when and where they’re needed most. Automating routine tasks frees security teams to act on data, rather than spend valuable time cleaning and correlating it. Only the most relevant data concerning the highest-risk vulnerabilities will be passed on for action.
For example, predictive modelling is one of the approaches being used within security teams to address data overload. It uses supervised machine learning algorithms to analyse a vulnerability the day it is published, helping security teams cut through the data to determine the likelihood of it being exploited so it can be appropriately remediated.
It enables security teams to develop beyond proactive cyber risk management to predictive cyber risk management. However, it is critical to note that the key to successful implementation is ensuring that the threat intelligence data is both high quality and available in real time to counter an always-changing threat landscape.
The importance of executing data-driven decisions
By leveraging automation and machine intelligence to correlate, analyse, predict and prioritise high-risk vulnerabilities, security teams are empowered to make data-driven security decisions that can result in true risk reduction.
And when organisations obtain these automation and machine intelligence capabilities via a centralised risk management platform that uses standardised risk scoring, every stakeholder stands to benefit. Security teams can more efficiently and confidently prioritise and orchestrate cyber risk management efforts, and they also have a concrete language and metrics for communicating risk levels to management and measuring improvements.
In turn, vulnerability remediation teams can understand exactly which threats need to be addressed, and how. They can also see, in advance, how their efforts will impact the organisation’s overall risk exposure. This means security leaders can better prioritise and allocate resources to maximise the impact their teams’ efforts have on reducing overall risk.
Managing cyber risk the smart way
Expecting security practitioners to manually correlate or perform analysis on rapidly increasing levels of data is unrealistic. Security leaders should equip their teams with flexible tools that take away as much of the intensive legwork as possible and are both highly scalable and interoperable to accommodate continued expansion. By eliminating time-consuming traditional analysis, security professionals can work more effectively with the rest of the organisation and apply their expertise to meeting shared objectives that focus on risk reduction.
Ultimately, the objective of a data-driven security strategy should be that it achieves results more accurately while increasing IT efficiency. By continuously analysing vulnerabilities in real time, prioritising their remediation through empirically calculated risk metrics, efficiently allocating team resources in their remediation, and reporting on risk posture and results, the impact can be dramatic.
Data-driven security decision-making is within the grasp of any modern organisation, and in an era of perennial cybersecurity risk, it’s becoming increasingly urgent.