We talk about cybersecurity visibility a lot at MKACyber, and, admittedly, it can mean a lot of things depending on your perspective. Generally speaking, we define visibility as a measure of how clearly an organization can see into its own network. It’s obviously very important for a SOC to understand its visibility in order that its analysts know where to look for indicators of attack and what anomalous and potentially malicious network traffic looks like, and, ultimately, so it can detect and respond to cyberattacks. However, executives in the c-suite and boards of directors also require a level of visibility, albeit of a different kind.
At the end of the day, a data breach—or really any major variety of cybersecurity incident—is a board level problem, so the board should have some level of visibility into their information security regime. Of course, the board doesn’t need to understand what a SQL injection is and how to detect it, but what is helpful is to offer the board visibility via metrics that matter.
By default, our W@TCHTOWER SOC enablement engine generates a bevy of metrics, metrics that are specific to each organization’s security maturity and threat model. Not only can we generate statistics that are tailored to serve each individual organization’s needs, but we can further customize W@TCHTOWER SOC metrics to fulfill needs at every level of the organization—from the SOC floor to the board room and everything in between.
One of the things we pride ourselves on is providing metrics that matter. As such, we don’t exclusively measure success through time-to-detect because there are so many other important metrics out there. Sure, we can measure time-to-detect and provide rich statistics around if a customer asks for it, but W@TCHTOWER also empowers the board room and executives with security information they don’t generally see.
In a sense, insights derived from W@TCHTOWER demystify security operations, taking the esoteric subject of cybersecurity and boiling it down to measures that are easy to visualize and understand. We offer security maturity matrices that give grades to a security department based on their ability to detect specific types of attack. We offer statistics that demonstrate visibility gaps, helping show security leadership where their program is strong, where it is weak, and how it can be improved. In the end, W@TCHTOWER insights translate cybersecurity information into business-focused language that executives and boards of directors can understand and upon which they can act.
W@TCHTOWER offers executives a snapshot of the current state of their organization’s security posture: what’s working and what isn’t. In this way, they can see the returns on their investments—or the lack thereof—and they can make educated decisions about where they need to spend more money and where they can save money by cutting spending on unneeded tools. At the end of the day though, security is really about protecting the organization from potentially damaging cyberattacks, and W@TCHTOWER clearly and plainly illustrates how an organization’s security team is performing in ways that resonate with business-focused boards of directors and executives.
The board should never be caught off guard by a major security incident. W@TCHTOWER empowers the people at the top of the business with the information they need to visualize their organization’s security abilities and intervene to improve their security posture when necessary.