How detection posture management can help CISOs track the right metrics
SC Magazine – Michael Mumcuoglu
Security leaders have typically tracked metrics such as mean time to detect (MTTD) and mean time to respond (MTTR). According to anonymized and aggregated data from diverse production SIEMs, including Splunk, Microsoft Sentinel, and IBM QRadar (encompassing more than 14,000 log sources, thousands of detection rules, and hundreds of log sources), our analysis found:
- On average, enterprise SIEMs contain detections for fewer than five of the top 14 MITRE ATT&CK techniques employed by adversaries in the wild.
- Fifteen percent of SIEM detection rules are broken and will never fire, primarily because of fields that are not extracted correctly or log sources not sending the required data.
- Only 25% of organizations that forward identity logs to their SIEM, such as Active Directory and Okta, actually use them in detection rules, meaning they're likely to miss top ATT&CK tactics like Privilege Escalation and Credential Access.
- Seventy-five percent of generic out-of-the-box detection content provided by SIEM vendors is disabled because of noisiness and customization challenges experienced by detection engineering teams.
- And according to IDC, 20-30% of all alerts are simply ignored or not investigated in a timely manner, often from classic "alert fatigue" caused by too many noisy alerts.
Detection posture metrics should let security teams confidently answer important questions about risk such as "How exposed are we?" in a programmatic manner. And they should base the metrics on standard frameworks like MITRE ATT&CK, which has now become the lingua franca of threat-informed security operations.
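To make these posture metrics concrete, here is an added example (not code from the article or from the author's research) that computes the three figures discussed above, broken rules, coverage of top ATT&CK techniques, and ingested-but-unused log sources, over a constructed SIEM rule inventory; the rule names, field names and the shortened "top techniques" list are all hypothetical sample data.

```python
"""Detection posture metrics over a constructed SIEM rule inventory."""

# Constructed sample: each rule names the ATT&CK technique it covers, the log
# source it queries, and the fields its query depends on. Hypothetical data.
RULES = [
    {"name": "brute_force_logon", "technique": "T1110", "enabled": True,
     "source": "windows_security", "fields": ["EventID", "TargetUserName"]},
    {"name": "okta_mfa_fatigue", "technique": "T1621", "enabled": True,
     "source": "okta", "fields": ["eventType", "outcome.result"]},
    {"name": "lsass_dump", "technique": "T1003", "enabled": True,
     "source": "sysmon", "fields": ["TargetImage", "GrantedAccess"]},
    {"name": "psexec_lateral", "technique": "T1021", "enabled": False,
     "source": "windows_security", "fields": ["EventID", "ServiceName"]},
    {"name": "scheduled_task", "technique": "T1053", "enabled": True,
     "source": "windows_security", "fields": ["EventID", "TaskName"]},
]
# Constructed: fields each onboarded log source actually delivers to the SIEM
# (an empty list means the source is onboarded but currently sends nothing).
SOURCES = {
    "windows_security": ["EventID", "TargetUserName", "ServiceName"],
    "okta": ["eventType", "outcome.result"],
    "sysmon": [],
    "active_directory": ["ObjectDN", "SubjectUserName"],
}
# Hypothetical "top techniques" list standing in for the article's top 14.
TOP_TECHNIQUES = ["T1059", "T1003", "T1110", "T1021", "T1053", "T1078", "T1621"]


def broken_rules(rules=RULES, sources=SOURCES):
    """Rules that can never fire: the source sends nothing, or a field the
    query depends on is not extracted from that source."""
    out = []
    for r in rules:
        avail = sources.get(r["source"], [])
        if not avail or any(f not in avail for f in r["fields"]):
            out.append(r["name"])
    return out


def technique_coverage(rules=RULES, sources=SOURCES, top=TOP_TECHNIQUES):
    """Top techniques covered by at least one enabled rule that can fire."""
    dead = set(broken_rules(rules, sources))
    covered = {r["technique"] for r in rules
               if r["enabled"] and r["name"] not in dead}
    return sorted(t for t in top if t in covered)


def unused_sources(rules=RULES, sources=SOURCES):
    """Log sources ingested (and paid for) but referenced by no rule at all."""
    used = {r["source"] for r in rules}
    return sorted(s for s in sources if s not in used)
```

On the sample data, two of five rules are dead (sysmon sends nothing; `TaskName` is never extracted), only two of the seven top techniques end up covered, and the Active Directory feed is ingested without any rule using it.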
Effective security leadership requires working with the business to support new initiatives, communicate risks, and minimize threat exposure.
With limited resources, it also becomes important to maximize staff efficiency by identifying and prioritizing top use cases that will deliver the most value, and selecting outcome-driven metrics to both justify security budgets and drive continuous SecOps improvement.
Link: https://www.scmagazine.com/perspective/threat-intelligence/how-detection-posture-management-can-help-cisos-track-the-right-metrics