When I talk to security leaders about their most challenging issues, one topic that always seems to come up is how to judge the effectiveness of their technology investments. Of the many options out there – from number of days without an incident to the efficacy of particular security products – I believe the concept of time provides an interesting and compelling way to view the security needs of a modern enterprise.
As a general rule of thumb, we need to recognize that networks need to be fast and they need to be secure. To truly accomplish this, we need to understand that time is a critical factor. How quickly your network responds to a threat determines whether you successfully thwart an attack or get owned; and unfortunately, the velocity, volume and impact of these threats continue to grow at a rapid rate.
There are several different ways to think about time as it relates to security.
Ensuring the Network is Fast and Secure
First, time relates to the performance of security solutions, especially as they pertain to the network. Even the most innovative security solution is useless if it produces a significant drag on either network or end-user resources. Companies must evaluate the performance needs and abilities of their security infrastructure and ensure that it doesn’t excessively slow down traffic or affect the quality of service. The faster that packets can move securely through the network, the better.
As companies deploy new security technologies, understanding the impact on overall network performance should be a very important factor in the decision-making process. To make the right investments, they should have a clear understanding of the network performance needs today and in the future.
Response to Threats
When a threat, like newly identified malware, hits the scene and becomes known by security researchers, companies want to know as soon as possible so they can take action at security enforcement points in the network. The amount of time from discovery to enforcement is a key factor affecting whether a company will be compromised or not. However, the lion's share of emphasis has been put on discovery and forensics via SIEM or other analytic means. There is less focus on how that information makes its way to enforcement points throughout the network. Companies must evaluate how quickly they can make this happen.
Patching vulnerabilities is another area where time is the most relevant metric. For example, ensuring that security operations teams are able to quickly test and deploy patches is key. While this is widely known, using time as a metric for this important process is a critical part of any security program.
Operations and Maintenance
It takes time to grow, scale and change security and networks. Operational expenses associated with security can add a significant cost to security teams that are often understaffed. Configuring and updating security policies when provisioning new apps, system maintenance and other operational tasks take time and resources. Finding ways to automate the management of as many of these tasks as possible can significantly reduce the time and operational expense, giving security teams additional time to focus on managing more complex security risks and challenges.
In security, time can be the most important element in reducing risk, because when bad actors have a business in their sights, or an unfortunate error occurs and leads to a breach, companies want time on their side. The time savings generated by fast equipment, faster response times and automation mean substantial operational efficiencies, or better yet, money.