Excellence in Security Operations: Monitoring, Monitoring, Monitoring
Each process has a goal that is achieved through a series of tasks, usually performed continuously. A division responsible for tens of operations and hundreds of processes definitely requires close, accurate and timely monitoring and measurement of each process's output. In this sense, monitoring is a key factor in achieving excellence in any operation and process.
Based on our experience at Comodo Threat Research Labs, there are 3 main perspectives we implement for perfect process monitoring in order to achieve excellence in our operations:
1- Process efficiency: This is basically the input and output of the process. It relies on comparing the number of inputs a process receives with the number of successful outputs it delivers. Real-time tracking of that measure is the first step towards monitoring and managing an operation from an efficiency perspective.
2- Analyst efficiency: The process may be composed of different steps, or the same steps may be performed by different analysts independently. Whether the analysts are automated (bots) or human experts, this second level of monitoring measures the process per analyst. That monitoring provides visibility into segments of the process. The measurement collects all relevant actions of analysts, so a refined evaluation of efficiency is possible. Overall, this measurement enables granular monitoring: the performance of different analysts can be tracked independently, and any step or analyst that needs improvement can be identified.
3- Process contribution to overall operation: The last measurement and monitoring of the operation is performed from the perspective of the process's realistic contribution to the operation. It's not only how fast or effectively the process is done, but how effective it is in creating value for the operation. We need to do things right, but we need to do the right things as well. This measurement takes the final results of the process as its input and determines, as its output, how they help the overall goal of the operation. In most cases the evaluation needs data from external entities, such as user data, other processes in the same operation or, in some cases, other operations. The measurement is based on comparing the output of the process with the true benefit gained by using this output.
As an analogy, the first measurement shows how fast a ship is sailing, and the second how well the marine technicians or machinists are performing their tasks so that the ship sails. The last measurement helps to understand where the ship is heading, and whether the destination is the desired one. Without the right route, efficiency or hard work will not help to reach the destination.
In our experience, a perfect implementation of these 3 measurements always leads operations and teams to succeed.
Hi Fatih, I'm curious, what tools are you currently using for monitoring? In my perspective there are two essential aspects to monitoring: what you are monitoring and how you can correlate between those pillars. Would love to chat further with you on this.