There are many problems in the security space. It is a threat environment that constantly changes. To be an effective business executive, or a meaningful security leader, in an organization requires vigilance and a keen understanding of this ever-changing environment.
In an ever-evolving threat-space, there are definite ways to optimize security postures and security plans with better, effective reporting.
A proper dashboard is key to summarizing the data from a monitoring solution, and here are 5 critically important aspects and qualities to have and maintain in a security dashboard:
1. It covers core metrics.
This may be obvious to some, but we’ve seen too many dashboards out there that fail to cover core metrics. At minimum, your company’s monitoring solution should report out the core operational metrics such as:
- mean time to detect (MTTD) a threat
- mean time to resolve (MTTR) a detected threat
- the average intrusion attempts per month
- the percentage of devices on any particular patch or version of critical detection or prevention software.
These are all mission critical because without understanding MTTD, you can’t improve on noticing threats in the first place. Without MTTR, you likely fail to improve your ability to mitigate and reduce threats once detected.
Knowing how often and how much your company experiences an intrusion keeps you up to date on how much threat you regularly experience. And watching patching cadence closely helps you know how effectively the organization responds to and maintains its protection posture.
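As an added illustration (not code from the original article), the four core metrics above can be computed from incident records, intrusion-attempt timestamps and a device inventory. All sample data, field names and function names are constructed; the example assumes MTTD is measured from occurrence to detection and MTTR from detection to resolution.

```python
from collections import Counter
from datetime import datetime
from statistics import mean

# Constructed sample data: incident timelines, attempt timestamps, inventory.
INCIDENTS = [
    {"occurred": "2024-01-03T08:00", "detected": "2024-01-03T12:00", "resolved": "2024-01-04T12:00"},
    {"occurred": "2024-01-20T10:00", "detected": "2024-01-20T12:00", "resolved": "2024-01-20T18:00"},
    {"occurred": "2024-02-11T09:00", "detected": "2024-02-11T15:00", "resolved": None},  # still open
]
ATTEMPTS = ["2024-01-02T01:10", "2024-01-15T13:45", "2024-01-28T22:05", "2024-02-09T04:30"]
DEVICES = [
    {"host": "ws-01", "agent_version": "7.2"},
    {"host": "ws-02", "agent_version": "7.2"},
    {"host": "srv-01", "agent_version": "7.2"},
    {"host": "srv-02", "agent_version": "7.1"},
]

def _hours(start, end):
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600

def mttd_hours(incidents):
    """Mean time from occurrence to detection, in hours."""
    return mean(_hours(i["occurred"], i["detected"]) for i in incidents)

def mttr_hours(incidents):
    """Mean time from detection to resolution, in hours.

    Open incidents are excluded from the mean and counted separately,
    so unresolved cases cannot silently flatter the average.
    """
    closed = [i for i in incidents if i["resolved"]]
    avg = mean(_hours(i["detected"], i["resolved"]) for i in closed) if closed else None
    return avg, len(incidents) - len(closed)

def avg_attempts_per_month(attempts):
    """Average attempts per calendar month that has at least one attempt."""
    per_month = Counter(ts[:7] for ts in attempts)  # key is "YYYY-MM"
    return sum(per_month.values()) / len(per_month)

def version_coverage(devices):
    """Percentage of devices on each version of the protection software."""
    counts = Counter(d["agent_version"] for d in devices)
    return {v: round(100 * n / len(devices), 1) for v, n in counts.items()}

if __name__ == "__main__":
    print(mttd_hours(INCIDENTS), mttr_hours(INCIDENTS))
    print(avg_attempts_per_month(ATTEMPTS), version_coverage(DEVICES))
```

Reporting the open-incident count next to MTTR matters because a long-running unresolved incident would otherwise be invisible in the average.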
2. It is insight-driven.
You can always view lots of data, but too much data can add to confusion. An insight-driven and designed dashboard requires that the data are displayed, compiled, related, contrasted, and more in order to help support and empower decision-making.
One way to ensure this is to ask what questions you will most want to answer about your security system, or about your strategy. With some questions in mind, determine whether the dashboard properly provides information that could help answer some of those questions.
For example, consider if security training for [non-security] staff members is critical to your security strategy. The dashboard should at least display what subjects or skills the staff were best at, and which were their weaknesses. From this information, you can weigh whether to invest more into training or into defenses against threats that staff are weakest against.
3. It is flexible.
One should be able to explore the data and ask questions about it, and the more “live” and dynamic the dashboard can be, the better.
A solution can be considered “flexible” when it allows leaders to drill into the data and see what patterns might emerge.
Consider how the data reflect common questions you’re looking to answer. Try some of them out and see if the dashboard solution allows you or your team to explore related data and reveal more details. Then see if those details add context and possibly speak to a few insights and answers.
For example, say you track time-to-detect [a threat] and want to understand if there are ways you can improve on this metric. Ideally the dashboard would allow you to compare average time-to-detect across time periods, and reports about threat simulations or other training. Having these extra details would allow you to evaluate whether running simulations frequently helps to reduce time-to-detect and compare success over time.
4. It should be relevant.
Categorizing data and their insights into specific (and key) aspects of a security plan, or a set of security controls, can make the dashboard well-organized for faster decision-making.
One way to approach this is to divide up the security plan into component parts. Then, from these components that support the overall plan, take the goals or key questions that each component should answer for and choose the data that support answering those questions. If there’s any further reason to categorize or organize the data any more than that, definitely do so.
For example, say you want to determine how vulnerable your company’s network may be at any one point in time. From there, consider how to measure vulnerability – there are a few good ways, but for this example let’s simply say it’s a function of how updated the devices are on the network (firmware, patches, etc.) and how many devices are currently on the network. From there, the system would track patch updates, firmware updates, and other software updates as a group and track the number of devices by device type and location across the network. Using these categories of information, one can compare the data to determine if some devices are out of date and at risk.
5. It should provide clarity.
Clarity is vitally important. Security is now yet another part of business that involves a lot of data. With diverse data comes a requirement for having clearly listed and clearly identifiable metrics, and their insights, close at hand. Providing clarity in all forms can make security reviews, audits, and planning much faster.
Two excellent ways to maintain consistency and clarity are:
(a) to keep and update a security plan that includes clear definitions of all metrics and their associated data and,
(b) to keep and update a manual or similar documentation about the monitoring solution and dashboard itself.
Having the former can ensure that security teams, regardless of who serves on them, continue to communicate using the same definitions and can make on-boarding new security team members faster. Having the latter helps reduce mistakes in the data and any reports produced by the monitoring system.
For example, a security plan should clearly define both what specific terms mean, such as time-to-detect or time-to-resolve, as well as what relates to these definitions, such as the process for how to patch some software on the network. Then, the plan or a supplemental manual should include where to find such information on the reports or dashboard provided by the monitoring system.
Ensuring that any monitoring system and dashboard demonstrates each of these important aspects can both save time in defending against harmful threats, as well as improve the speed of decision-making about security concerns. Guaranteeing that the fundamentals are done correctly can be the difference between suffering a serious attack and surviving one.
If you’d like to learn how to ensure your cybersecurity dashboard has the right aspects for your company, contact us here for more information.