In a fast-changing world, stopping to assess your success isn’t really an option anymore. It is increasingly important that security teams are constantly proving their worth and tracking their successes with a view to constantly improving so as to not to get caught behind the times and therefore exposed.
How to Make Sure You’ve Got the Momentum You Need
I’d like to propose that you keep a close eye on your “speed of security” and set your sec-ops team up to be Olympic-quality security athletes who are able to run faster and longer than the competition. If you want to win the race against the bad guys, however, you’ll need to make sure your security program includes plenty of watching the stopwatch so that you know you’re always on the right track and making the right adjustments to your regime in order to keep on winning. Let’s have a look at four example measures you can start with.
Time to Patch
In your vulnerability management program, Time to Patch, the measurement from when a vulnerability is first discovered through to the time it’s ultimately resolved, is a key measurement. This statistic seems like “common sense” to many. But reporting on this stat requires some planning about how to best present an accurate picture of your security activities. For example, you’ll want to consider how to best evaluate this data when a project results in a large number of new devices getting added to your network. This increases the surface area for vulnerabilities, which can take away vital time from your team who may already be working to patch older vulnerabilities that remain on the estate. You will also want to consider how you can report on exceptions for long-outstanding vulnerabilities where applying a security fix can’t happen due to other operational needs or third-party dependencies. To be successful with this metric, you’re going to need to leverage your tooling over time. A regular vulnerability assessment and a patch management system should ensure you have the information you need and the ability to respond to vulnerabilities in a timely fashion.
Time to Reconciliation
For File Integrity Monitoring, capturing the Time to Reconciliation will help you measure how long a change goes unreviewed or can’t be tied to an approved change request. It is another simple but powerful metric to ensure that a change that could potentially reflect a breach within your infrastructure doesn’t go unnoticed. Much like the Time to Patch measurement, setting a good pace on your Time to Reconciliation stats will require you to leverage the tools that track changes in your environment. If your File Integrity Monitoring solution can gather existing data from your Change Management system, you should be able to automate much of the reconciliation workflow, leaving you to focus on a smaller percentage of the changes detected by your FIM tool and thus giving you a head start on the race to reach 100% understanding of what’s going on within your network.
Compliance: Stability and Improvements
Measuring hardening through CIS compliance policies is another great way to ensure you’re ahead of the curve on your security program. For compliance improvements, I like to measure both Stability in Compliance and Improvements to Compliance. Together, these measurements help to make sure you’re not taking your foot off the accelerator and that you’re not pumping the brakes regularly, thereby costing you speed in the race to beat intruders. For this measurement, Stability in Compliance is all about making sure that anything you’ve hardened remains that way by tracking any degradation in your compliance stance and rectifying it quickly. Again, we’re interested in making sure that responses are swiftly dealt with. Once you’re confident you have achieved a steady compliance state, you can start to think about how to expand your compliance hardening with programs for continuous improvement, giving you further opportunity to get ahead of any threats that might be lurking on the horizon. For your improvement tracking, I’d recommend measuring against specific areas of compliance, such as account hardening, or by platform. This will allow you to run through short improvement sprints for specific compliance goals that keep you from getting caught in the slow lane. It also enables you to constantly look forward to the next race to win.
Pacing Yourself in the Security Marathon
Winning the race is never easy, but with constant improvements to your processes based on carefully considered measurements of your performance, you too can have a quality team who give it their best every time.
