SecurityWeek

Management & Strategy

Elephant in the Doggy Door (Redux) – The Importance of Process Optimization

Back in 2015 I wrote an article, right here in SecurityWeek, about process parity. It was a riff off the old adage “garbage in, garbage out”. It seems that the article from nearly 5 years ago continues to age well, but rather than be excited about that, I’m a little disappointed. Allow me to explain.

If you know me, or have worked with me at all, you’ll know I’m a process nerd. I get it, that’s not necessarily ‘cool’ in cyber security, but it’s what my brain gravitates to. Remember that slide that everyone had at one point in their presentations (guilty…) that said “People, Process, Technology”? I still have it, if only to remind people that we’re still not getting process right.

Technology has advanced tremendously. Nobody is going to dispute that. But we’ve now got entire market segments that are tools built to – wait for it – integrate and operationalize other tools. I feel like that’s a failure somewhere along the line if you’ve designed tech that doesn’t work well with other tech. Maybe it’s just me.

People still don’t scale, and now we’re short on talent to hire. Listen, even if you could hire an infinite number of security professionals, they don’t solve the problem we actually have. The problem we are increasingly seeing in cyber security is the space between systems. If you’ve got 10 different screens where alerts are being generated and screaming at you – there isn’t a meaningful way to make sense of those screens without integrated technology. Humans simply can’t do the job, and process optimization is literally the only way you’ll find the real baddie in all that noise.

So now we’re back to process. Process, or in some cases its cousin “integration”, is a necessary thing you can’t survive without. In a world where data is measured in PETAbytes, you have zero hope of finding the needle in a stack of hay 10 miles high.

So it’s mid-2020, and we’re still talking about process parity where the expectations of output and the reality of input are wildly mismatched. Let’s talk through a specific example or two…

In a recent conversation with a new customer’s security team we started talking security requirements. The customer’s team indicated they were dissatisfied with their technology, because “it wasn’t producing results”. My ears always perk up when someone blames the tech for lack of results, so off we went. The reality was some consultant told them to “log everything” and then feed it into a SIEM and that SIEM would find all the badness. So the tech wasn’t doing its job, or so the customer believed, and they were looking for alternatives.

Well, my first questions were around what they were logging, how often it was reviewed, and how optimized their logging was for the “things they were trying to find”. As you can imagine I received a bunch of blank stares, even over a Teams meeting. It’s crazy to me how many people still see their SIEM as some magic box that takes lead and turns it into gold. That’s not how any of this works.

So after the discussion of log input into their system, I started asking questions on data enrichment, triage process, workflow, and automated response. More blank stares. I could see that technology likely wasn’t the problem here.

Another example deals with vulnerability scanning and management. To summarize that one, it’s not productive to scan repeatedly and wave your arms when the post-scan process involves spreadsheets, email, and hopes. Process is required, and if you want results it’s strong, refined, and optimized process that’s required.

So security is still suffering from an elephant in the doggy door. We’re shoving ugly things into systems and expecting magic out the other side. We’re expecting that data turns into automated action with no human interaction – that’s just not realistic. I’ve said it before, I have seen the movie of how that world looks, and I don’t like how it ends.

Let’s get real, we need process optimization. Today more than when I wrote that article back in 2015. I think we continue to be sold magic boxes (albeit now they’re virtual) and snake oil that’s going to solve our people problem. We’re told we don’t need to focus on process if we only buy this latest widget. I promise you, if you’re not allocating time to develop strong operational process – integrations and workflows – you’re never going to solve the problem you’re trying to solve.