The good news: CISOs have all the data they need to understand and communicate the performance of security programs and stacks. With 60+ different tools in the average security enterprise stack, security teams ingest more than enough data to drive data-driven decision making.
The bad news: this is not happening, as most CISOs will attest.
Unlike other C-level executives, CISOs are at a distinct disadvantage vis-à-vis their management tools.
They’re a key factor, or at least important contributors, in top management discussions and decisions, just like other executives. Yet they’re not nearly as well-equipped with insights as other leaders. Finance, sales, marketing, you name it – these execs have centralized feeds of insights (think Salesforce, HubSpot or Bloomberg). For CISOs, the stakes of accountability are arguably even higher than those of their colleagues - yet they’re still navigating in the dark. They’ve got only limited visibility into how their tools are performing, no infrastructure for measurements, no common perspective, and no way of understanding what needs critical attention.
Clearly, CISOs need a definitive, accessible, accurate and always-updated single source of truth.
And that’s what inspired SeeMetrics to build the Cybersecurity Performance Boards.
The Challenges of Building Performance Boards
For anyone who’s worked with Bloomberg – a definitive, always-on source of truth for financial info – it seems like a no-brainer. With so much data coming from so many tools, why should measuring performance be so difficult? What’s the big deal with creating a Bloomberg-like dashboard for cybersecurity?
The thing is, it is a big deal. A very big deal. Why is this?
Diverse and disparate data - Security stack data sources are fragmented. Raw data flowing into security data lakes needs to be rationalized and contextualized before it can be used to generate insights. And once all this is done, data in the security data lake still needs to be enriched and normalized. Today, this requires dedicated headcount - consultants, engineers, analysts, cyber SMEs and more. And this forces the allocation of a massive line item in the security budget for data analysis projects, rather than for improving security.
No standardized metrics or measurements - Creating measurements and metrics from such disparate data requires a massive amount of theoretical and manual analysis. No standards for cybersecurity measurements exist, and a lot of work is required just to decide what to measure, how to measure it, and how to tally everything up in a way that is sufficiently consistent to answer tough questions, mitigate risk and keep costs in check.
External only - Currently, trends and benchmarks are identified and tracked based on external assessments. This is the security equivalent of purchasing a house after only evaluating it from the yard.
Subjective insights - Planning and roadmap-based decision making are currently based on offline data and static assessments, with no ability to track progress over time.
Challenges Solved
How has SeeMetrics solved these challenges - which are increasingly critical as regulations, organizational expectations and personal liability put more and more pressure on security leaders?
Firstly, we built a data model using cutting-edge big data engines. This allows us to automatically consolidate, rationalize, enrich and normalize data drawn from the entire security stack. All tools, all assets - users, applications, repositories, servers, Kubernetes and compute - across all cloud environments and on-prem solutions. Everything. The end result of this stage gives us a single common data language to work with – overcoming the issues of disparate data structure and formats. This model is also, of course, adaptive – it can change over time as needed and as stack or data parameters evolve.
Then, we developed a methodology to reduce noise, add business context, and help CISOs decide what they need to measure based on their own policies. What does this mean? Well, it’s actually really hard to know what to measure, how to visualize, and what counts as ‘good’ or ‘bad’ KPIs. It’s important to measure what matters, as well as what you want to improve. With SeeMetrics Cybersecurity Performance Boards, CISOs can see what is actually happening across the organization vis-à-vis each policy. This lets them focus on the gaps and adjust action items based on reality and in-line with relevant business objectives.
By way of simple example, when it comes to vulnerability management, if there are 10,000 assets – which should we scan or remediate first? If we filter based on what we think is important, we’ve already introduced bias and raised risk.
How do we define which time period to measure?
Which assets to include? And if we want to correlate findings from various programs, how do we ensure that we are measuring in the same context?
We organized all of these metrics by security domain in what we call Cybersecurity Performance Boards. This unique feature of the SeeMetrics platform enables both CISOs and their security program heads to measure performance in context, based only on relevant metrics drawn from relevant controls.
What are Cybersecurity Performance Boards?
Our brand new Cybersecurity Performance Boards are a collection of out-of-the box metrics that can be customized to an organization and its policies. They empower security leaders to measure the performance of their technologies, processes, and people simply, seamlessly and continuously in real time.
Organized by security domains, our Cybersecurity Performance Boards include Vulnerability Management, Endpoint Protection, Identity Management, Mail Security, Security Awareness, and Incident Response – with more to be released soon. Each Cybersecurity Performance Board shows security executives and operational teams a centralized and business-aligned view of measurements, metrics, and Key Performance Indicators (KPIs), including trends, risks, and historical context.
Cybersecurity Performance Boards offer a bird’s eye view of overall capabilities and security tools – but also offer explorable depth. Behind every Board is drill-down data that is trackable back to its source.
This makes cybersecurity goals and progress quantifiable and more visible to decision makers – while also helping CISOs clearly communicate progress and trends to different stakeholders.
The Bottom Line
With SeeMetrics’ Cybersecurity Performance Boards, CISOs can – for the first time – enjoy a platform to govern and manage their organization, just like other C-suite and business line leaders.
Definitive, accessible, updated and as high-level or detailed as CISOs need - Cybersecurity Performance Boards empower CISOs to validate security programs and answer tough performance, progress, and budgetary questions.
Now, security leaders can measure their technologies, processes, and people in real time with both a macro perspective and drill-down data. It's a new world of definitive cybersecurity truth that empowers CISOs to measure, analyze, and communicate the performance of their security programs in real time.