Understanding and Defining Practical Security Operations Metrics

Netskope Blog – Jason Barnes
A recent SANS survey showed that 77% of security operations centers indicated that they provide metrics to gauge status and effectiveness of SOC capabilities. That represents a 50% increase in SOC metrics programs over the past five years. However, 33% of survey respondents indicated dissatisfaction with their metrics.

Data feed health
The first measure to take is which monitoring points are down. However, just because a feed is up doesn't mean all is well.

Coverage
For your coverage measurements, tracking the absolute number and percentage of coverage per compute environment/enclave/domain is a worthwhile place to start. Coverage is always a moving target. There will always be more stones to turn over, another environment to cover, or another customer to serve.

Scanning & sweeping
At the basic level, you are probably scanning on-premise and cloud assets for vulnerabilities. You should measure the number and percentage of known bugs, as well as the amount of time it took to compile vulnerability and risk status during your last critical headline CVE fire drill.

Analytics & analyst performance
Be thorough in your coverage, documentation, and standards of output. All the triage effort in the world is useless if something is missed, or worse, found but not communicated completely and accurately.

Incident handling
The next category of metrics includes analyst performance and incident handling measures, which are typically time-based. To reiterate my earlier word of caution about time-based metrics: these analytics should have a quality control mechanism baked in to ensure the work is being done well and the metrics are not being gamed.

Top risk areas & hygiene
What can you tell system administrators about the results of your scanning and patching effort? What code signing enforcement risks and mitigations would you like to convey to developers?
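The two measures above that lend themselves most directly to automation are data feed health (a feed that is "up" but silent or unusually quiet is still a problem) and coverage per environment. The following is an added example written for this summary, not code from the Netskope post or from Jason Barnes; the feed inventory, asset lists, and the staleness and volume thresholds are all constructed assumptions and would be tuned to a real SOC's telemetry.

```python
"""Toy SOC metrics: telemetry-feed health and monitoring coverage per environment.

All data below is constructed for illustration; thresholds are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, Optional, Set, Tuple

# Fixed "current time" so the example is deterministic when run offline.
NOW = datetime(2022, 3, 1, 12, 0, tzinfo=timezone.utc)


@dataclass
class FeedStatus:
    name: str
    environment: str
    reachable: bool                  # heartbeat / connectivity check passed
    last_event: Optional[datetime]   # timestamp of the newest event received
    events_last_hour: int
    baseline_events_per_hour: int    # learned normal volume for this feed


def classify_feed(feed: FeedStatus, now: datetime,
                  stale_after: timedelta = timedelta(minutes=30),
                  min_volume_ratio: float = 0.25) -> str:
    """Return 'down', 'stale', 'low_volume' or 'healthy'.

    'Reachable' alone is not health: a feed that answers its heartbeat but has
    stopped delivering events (stale), or delivers far less than its baseline
    (low_volume), is a detection gap just as much as an outright outage.
    """
    if not feed.reachable:
        return "down"
    if feed.last_event is None or now - feed.last_event > stale_after:
        return "stale"
    if (feed.baseline_events_per_hour > 0
            and feed.events_last_hour < min_volume_ratio * feed.baseline_events_per_hour):
        return "low_volume"
    return "healthy"


def feed_health_report(feeds: Iterable[FeedStatus], now: datetime) -> Dict[str, str]:
    """Map each feed name to its health classification."""
    return {f.name: classify_feed(f, now) for f in feeds}


def coverage_by_environment(assets: Dict[str, Set[str]],
                            monitored: Set[str]) -> Dict[str, Tuple[int, int, float]]:
    """Per environment: (covered assets, total assets, percent covered)."""
    report = {}
    for env, ids in assets.items():
        covered = len(ids & monitored)
        total = len(ids)
        pct = round(100.0 * covered / total, 1) if total else 0.0
        report[env] = (covered, total, pct)
    return report


def overall_coverage(assets: Dict[str, Set[str]],
                     monitored: Set[str]) -> Tuple[int, int, float]:
    """Aggregate coverage across all environments."""
    all_ids = set().union(*assets.values()) if assets else set()
    covered = len(all_ids & monitored)
    total = len(all_ids)
    return covered, total, (round(100.0 * covered / total, 1) if total else 0.0)


# Constructed sample inventory (not real hosts or feeds).
SAMPLE_FEEDS = [
    FeedStatus("dc01-winevt", "corp", True, NOW - timedelta(minutes=5), 480, 500),
    FeedStatus("vpn-syslog", "corp", True, NOW - timedelta(hours=2), 0, 200),
    FeedStatus("aws-cloudtrail", "aws-prod", True, NOW - timedelta(minutes=2), 20, 300),
    FeedStatus("edr-lab", "lab", False, None, 0, 50),
]
SAMPLE_ASSETS = {
    "corp": {"dc01", "vpn", "fs01", "ws-101"},
    "aws-prod": {"i-0a", "i-0b"},
    "lab": {"lab-01"},
}
# Assets currently delivering telemetry from a healthy feed.
MONITORED = {"dc01", "fs01", "i-0a", "i-0b"}

if __name__ == "__main__":
    for name, state in feed_health_report(SAMPLE_FEEDS, NOW).items():
        print(f"{name:16s} {state}")
    for env, (c, t, pct) in coverage_by_environment(SAMPLE_ASSETS, MONITORED).items():
        print(f"{env:10s} {c}/{t} covered ({pct}%)")
    print("overall", overall_coverage(SAMPLE_ASSETS, MONITORED))
```

The useful output is the list of feeds that are stale or low-volume, since those are the ones a plain up/down check reports as fine; the coverage table then answers the "absolute number and percentage per enclave" question directly and can be trended over time.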
Link: https://www.netskope.com/blog/understanding-and-defining-practical-security-operations-metrics

