Five Tactical Security Metrics To Watch

  /     /     /  
Publicated : 22/11/2024   Category : security


Five Tactical Security Metrics To Watch


Wondering how secure the corporate network is? Heres five operational security metrics that can help. First of a two-part series



Ask security professionals for a list of important metrics, and expect to get a long list with much debate. Yet information security managers need a way to keep track of their progress on securing the network while watching out for potential threatening situations.
Good metrics can help define the fight. While many professionals might argue that its better to have as much information on the security of their networks as possible, too much information can blind practitioners to what is going on, says Mike Lloyd, chief technology officer for network monitoring and discovery firm RedSeal Networks.
You dont have to have, nor want, a dashboard like an airplane, he says. You want a dashboard thats more like a car.
In its own dashboard for clients, RedSeal goes to one extreme: a single overall score for network risk. Drilling down on the score is what reveals the specific metrics that make up the score. A network map and two top 10 lists round out the dashboard.
Verizon and its managed security practice focuses more on incident metrics. Tracking what goes wrong can help an IT manager figure out where to allocate resources, says Christopher Porter, a principal of Verizons RISK team.
The types of incidents that you have in your organization are kind of indicative of the people, process, and technology that you have in place, he says.
Here are five recommended metrics:
1. Your ignorance
From Sun Tzu to Donald Rumsfeld, military generals interested in security are always worried about what they dont know. Security practitioners should take a page from their playbooks, RedSeals Lloyd says.
While measuring what is unknown may seem at best an oxymoron and at worst an exercise in futility, its both doable and important. Comparing the picture that different groups have of the network can lead to finding parts that one team knows about and another team does not.
You have to be able to survey they terrain, Lloyd says. If you cant tell, as a CISO, how big the gaps are in your knowledge, then you are in trouble.
By counting the anomalies between sets of asset data and tracking that number, an IT security manager has a good idea of remains to be discovered.
2. Attack surface area
Once a network has been mapped, companies can then attempt to find the paths into the network that an attacker might use.
The overall black-box measure of a system or network can be expressed as a rating of the attack surface area -- a measure to be minimized. If the network is a chess board, then the systems in the network are chess pieces, Lloyd says. If any are left open to attackers, they can be compromised.
You can take any given asset and figure out how easy it to get in, Lloyd says. A vulnerability scanner is a great way to assess the network chess board. It knows about an awful lot of pieces.
3. Incidents over time
When incidents happen, whether router misconfigurations or actual attacks, those should be tracked as well, Verizons Porter says.
Tracking incidents can help security manager to get an idea of how aware the team is of potential issues before they become problems.
If I start collecting my incidents and I can see the types of incidents that are affecting similar organizations, I can see my weaknesses, he says. I can see if my resources are making those incidents go down.
4. Vulnerability of critical assets
Prioritizing issues that need action is a necessary part of any security managers job.
One way to triage security issues is to rank them by the level of vulnerability of an asset and the value of the asset. A critical vulnerability in an exposed server holding the companys sensitive customer list is far more important than a low-severity issue in an internal file server.
The question that needs answering is which actions have the highest payoff, RedSeals Lloyd says.
5. Impact of mitigating vulnerabilities
Finally, companies need to be able to look for solutions to problems that may be beneficial to multiple servers and workstations. A good metric to track that positive benefit is to focus on the impact of fixing a particular vulnerability, Lloyd says.
The highest impact I might have is not just by patching the most critical servers over and over again, he says. I want to find a way to maximize the downstream impact of fixing some assets.
Patching a dozen critical servers or updating firewall or intrusion-detection rules? Knowing the impact of each action is key.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Sony, XBox Targeted by DDoS Attacks, Hacktivist Threats ◂
Discovered: 23/12/2024
Category: security

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Five Tactical Security Metrics To Watch