Speaking with organizations from every possible vertical and industry, I’ve come to understand that the most important issue facing organizations today in their quest for better security isn’t the next new widget that will secure this or that platform, or the one that will give you more control over cloud or BYOD, or the one that will help you better protect any of your hundreds of applications located inside and outside your environment. The fact is that these are relatively simple issues that can be efficiently addressed by selecting any one or more solutions from dozens of vendors vying for just five minutes of your precious time. No, the most important issue you are facing as an organization is one of confidence.
Specifically, organizations are at a cross-road when it comes to the level of confidence they have in their own security and risk environments.
When even the largest organizations with exceptionally mature security and risk programs are falling prey to determined attackers, who wouldn’t have a crisis of confidence?
Confidence comes from a sense of trust, a belief in one’s abilities and level of certainty that things will turn out as planned even when faced with difficult odds in previously unseen situations. Confidence is knowing that no matter what, there are resources available to surmount any challenge and that people and systems will operate as intended when needed most. But how do you get to this point?
In one word - intelligence.
Organizations, now more than ever, are facing threats that attempt to exploit any and all possible attack vectors – from the most mundane to the most advanced – and each security component deployed in an environment, be it staff or technical solution, must operate in a coordinated fashion at all times. Not only that, security and risk operations must act and react as a single overall dynamic unit that is contextually aware of itself, all of the members of the group, and how each of them individually and together respond at any given moment.
This goes beyond having simple static dashboards, key risk indicators (KRIs) and metrics displayed in colorful graphs and charts that report on the underlying plumbing and operations of individual solutions. That approach provides a false sense of security that dulls the senses and opens the door to attackers.
No, today’s threat environment requires a level of sophisticated intelligence and deep understanding of your complete environment in context. One that not only has direct visibility into what is happening at an individual component level moment by moment, but one that can also stitch together each individual narrative across all domains to get a fully contextualized and complete view of the security and risk profile of any given action, behavior, system and individual as it stands against itself and relative to every other.
This is how you achieve the necessary level of confidence in your security and risk operations to answer the most difficult questions facing your organizations today. This is how you achieve the confidence that each piece of the puzzle will be up to the task to address today’s ever-changing threat environment and how you can evolve your security and risk programs into the uncharted future.
This will be my focus of the next few posts. My goal is to demystify and plainly state the core concepts and views for aligning effective security and risk intelligence in an ever-changing world.