Cloud Pak for Security

Lesson 1: Visibility must not be limited to what you can see

By MATT KONWISER posted Sat February 08, 2020 01:05 PM

It's a common story for security operations: cost, complexity, and staffing shortages limit how thorough a security team can be when defining what goes into its security posture.

Every CISO I have spoken with acknowledges this gap. The challenge has always been to align the data their teams are using with the most probable targets and methods of attack. I would contend, however, and I think most CISOs would agree, that it is nearly impossible to know which data and which sources are relevant until an attack is identified.

Hence the title of this blog.

A security organization responsible for protecting its company's brand, its clients' information, and its own jobs can only achieve frequent success in its mission through increased visibility across the entire business (every unit, every affiliate, every partner).

If Atlas did not already have enough on his shoulders, newer regulations including CCPA and GDPR limit the acceptable rationalizations for a breach, and how much time an organization has to fully disclose the details.

Boards are not authorizing CFOs to open their wallets to help either. From my experience, even companies that have suffered a breach, and are therefore more likely to allow heavier (reactive) spending on security, have not been able to address the underlying issues: too much information, minimal predictability, and too few people to manage and watch it all.

One of the simplest ways to help mitigate the visibility problem is to deploy federated security searching: a capability that is delivered in a container, requires zero data movement or migration, and already uses STIX, so security practitioners can easily create queries and use the output without time-consuming traditional query tools or data scientists.

Gaining visibility to the things you cannot see is the first step to a more complete security posture.

Recently, I co-authored a white paper on the topic with Jeff Crume titled "The Case For Federated Security Search", available for download by clicking the link below.

With a path towards progress on visibility, we can move to the next lesson: Analytics are only the beginning.