Unleashing Cybersecurity Excellence: Measuring Effectiveness with the Security Data Lake


ASSYST's OnPoint xChange Data Dialogs presents excerpts from an insightful conversation between Vinay Shirke, ASSYST CIO, and Eugene Goldlust, Senior Account Executive, with a special focus on Cybersecurity. In their first exchange, Vinay and Eugene spoke about how a Security Data Lake (SDL) solution improves holistic Threat Intelligence for organizations by providing Actionable Insights. They discussed how an SDL could enhance and provide complete visibility to system stakeholders that are filtered out or missing from a SIEM solution, a traditional data warehouse, and the multitude of other third-party security endpoint tools that organizations deploy. Their first exchange can be read here: LinkedIn ASSYST OnPoint

Vinay oversees Cybersecurity Programs for Federal, DoD, State, and Local governments. He leads a team of Program Managers, Architects, Cyber Risk Advisors, ISSOs, and Data Scientists engaged in Cyber defense, operations, and offensive projects.

Eugene has over 15 years of experience in enterprise programs that involve DIACAP C&A and RMF A&A ATO processes. He is an expert in physical security, having served as a law enforcement professional, and holds a Master's in Cybersecurity. He is interested in helping Government Agency leaders, CISOs, and cybersecurity decision-makers uncover and embrace holistic security data potential, resulting in improved security measurements and elevating cybersecurity excellence for their strategic and tactical operations.

The Security Data Lake is reshaping cybersecurity measurements and effectiveness. This discussion uncovers how data-driven measurement empowers superior outcomes. This segment will highlight ASSYST CIO Vinay Shirke's perspectives on the profound impact of data utilization on measuring cybersecurity effectiveness. Real-world outcomes, from breach containment to vulnerability management, illustrate the tangible benefits. To Government Agency leaders, CISOs, and decision-makers, the path to excellence lies in embracing this data-centric approach. Unlocking cybersecurity excellence requires a data-driven approach.

Eugene's conversation with Vinay reveals how the Security Data Lake transforms measurement effectiveness. Specific examples, from vulnerability management to threat detection, showcase the power of this technology. Government Agency leaders, CISOs, and decision-makers now have a roadmap for measuring and enhancing cybersecurity programs. Let’s get right to it.


Eugene Goldlust: Thank you, Vinay, for meeting with me again. Let's plunge into where we previously left off on Security Data Lakes. Can you tell me how a Security Data Lake empowers organizations to measure the effectiveness of their cybersecurity programs?

Vinay Shirke: Hi Eugene, nice to chat again. As you are aware, every agency implements an IT policy that enhances the safety and resiliency of their systems and networks. They implement Cybersecurity Programs to adopt and operationalize mandates, policies, and standards, such as the Federal Risk and Authorization Management Program (FedRAMP), regulations and laws, such as the Federal Information Security Modernization Act (FISMA), and Presidential Executive Orders, amongst many other security requirements. As a result, organizations deploy many tools to meet security program requirements but still need an effective way to measure results. The Security Data Lake is a game-changer in this realm. It enables data scientists and analysts to navigate through a large amount of security data to identify data sets of emerging data patterns that provide valuable insights into the cybersecurity threats targeted toward the organization’s IT infrastructure. These data sets are made available in a more structured way to the downstream consumers through Data Lakehouse. Security analysts generate a more holistic threat intelligence by analyzing and correlating these datasets. Organizations can measure effectiveness by defining metrics and Key Performance Indicators (KPIs) that track the progress of the organization's ability to make data-driven decisions to mitigate and respond to threats, protect critical assets, and minimize the impact of security incidents. These are the true quantifiable indicators of program effectiveness.


Eugene Goldlust: Thank you, Vinay. So, a Security Data Lake is not a replacement for the already deployed tools but a necessary addition to gathering insights, holistic intelligence, advanced data analysis capabilities, and measurements of Cybersecurity Program effectiveness. Can you provide specific examples of how data utilization from the Security Data Lake drives effectiveness measurement?

Vinay Shirke: Certainly. Security Data Lake is not a replacement for the security tool sets that are deployed by the organization. In fact, it complements the investments made in the tool sets. As you know, these tool sets are producers of large data (unstructured, semi-structured, and in some cases structured data), which is housed in the data lake in its native format. As I mentioned earlier, data scientists and analysts now have access to all the data generated by the security apparatus. It enables them to apply data science and Artificial Intelligence (AI) principles to navigate through a large amount of data and isolate the datasets that reveal certain patterns that could potentially provide valuable insights into the cybersecurity threats, which was almost impossible to achieve with traditional data warehouses.

Let's take an example of vulnerability management. By analyzing hardware and software asset management data sets from the Security Data Lake or Security Data Lakehouse, organizations can measure the time it takes to apply critical patches to all the organization's assets after they are released by the vendor, and calibrate these measurements against your established metric. The alignment or deviation will directly reflect on how well a cybersecurity program responds to emerging vulnerabilities. A progressive improvement in this area signals increased effectiveness of your cybersecurity program.

Eugene Goldlust: That's a tangible example. What role does data science play in measuring maturity using data in a Security Data Lake?

Vinay Shirke: Maturity assessment is crucial, and data scientists play a pivotal role in the success of our cybersecurity strategy. As more and more security data sources feed into the data lake, there is a data explosion happening in the data lake. It is humanly impossible to manually analyze this large amount of data in a timely manner to derive actionable insights. This is where the power of AI and Machine Learning (ML) comes into play. Data scientists employ trained AI/ML models, often powered by algorithms alongside statistical analysis and behavioral analysis techniques, to identify and isolate data sets that could provide valuable and actionable insights. This leads to reduced successful cyberattacks, minimized data breaches, early detection of insider threats, and a lower financial impact in the event of security incidents, which is a true measurement of the maturity of an organization's cybersecurity program.

Eugene Goldlust: Clear and compelling real-world use case examples, Vinay. Can you elaborate on how Government Agency leaders, CISOs, and decision-makers can implement this approach effectively?

Vinay Shirke: Absolutely. I would begin by defining specific metrics that are aligned with the organization's cybersecurity program goals. Define KPIs for each metric that aligns with its objectives. For instance, define KPIs in the areas of Threat Detection and Prevention, Vulnerability Management, Compliance and Regulatory Requirements, and Incident Management. Ensure that the raw data generated by your security apparatus is sourced into the security data lake. Enable data scientists to analyze and create metric specific datasets. Create dashboards using these datasets to track the progress and success of the organization’s cyber security program. Lastly, involving cross-functional teams in reviewing and adjusting these metrics ensures a holistic approach to measuring and enhancing cybersecurity effectiveness.


Eugene Goldlust: That’s good insight, Vinay, on implementing and improving metrics for cybersecurity program effectiveness. Thank you for sharing your wisdom. To summarize, mastering cybersecurity program excellence starts with security data-driven measurements. Can you elaborate on the specific role of the Security Data Lake in shaping these data-driven measurements?

Vinay Shirke: Certainly. The Security Data Lake is a central hub or repository for diverse cybersecurity data sources. All the security data is ingested, managed, processed, and governed at scale, allowing for reproducible analytics and threat intelligence. This consolidated repository allows organizations to quantify effectiveness through concrete metrics. As I mentioned earlier, data scientists and analysts now have access to all the data generated by the security apparatus. It enables them to apply data science and Artificial Intelligence (AI) principles to navigate through a large amount of data and create datasets that provide visibility into the effectiveness of Threat Detection and Prevention, Vulnerability Management, Compliance and Regulatory Requirements, and Incident Management through defined metrics and KPI measurements. These data-driven measurements are instrumental in the success of the organization’s cybersecurity program, and the security data lake certainly is an important investment that organizations make to secure their digital assets.

Eugene Goldlust: Thank you for the clarification. Can you provide one or two tangible examples of how data utilization from the Security Data Lake translates into real-world outcomes?

Vinay Shirke: Of course. Let's explore data breaches. Organizations can track the time to contain and mitigate a breach by analyzing historical and real-time data from the Security Data Lake. This data-driven approach showcases how the cybersecurity program effectively minimizes the impact of a breach, ultimately safeguarding sensitive information and minimizing financial loss. For vulnerability management, organizations can measure the time it takes to remediate critical vulnerabilities, shedding light on program maturity. The decrease in remediation time indicates proactive prevention and reflects a higher level of maturity. That’s just a small real-world example of the benefits of having holistic security data insights at your fingertips.

Eugene Goldlust: Vinay, your practical guidance on cybersecurity has been invaluable. I am eager to continue our discussions on this topic. Thank you.

ASSYST's Cybersecurity Services

We provide CISOs and Business Leadership with capability in risk management, policy and compliance, vulnerabilities, knowledge management, data management, project management, and talent management. ASSYST's unique ISSO-as-a-Service (ISSOaaS) provides adaptable security professionals knowledgeable with industry best practices to support your organization's Cyber Mission Assurance. We apply industry best practices and standards, including NIST CSF, FIPS-199, RMF, PMBOK, ISO 27001, ISO 20000, ISO 9001, and CMMI. Additionally, we support Cybersecurity programs for the Centers for Medicare and Medicaid Services (CMS), Department of Defense (DoD), Defense Human Resources Activity (DHRA), Department of State (DoS), Department of Interior (DoI), US Securities and Exchange Commission (SEC), and several State and Local Governments.

To start the conversation about your Security Data Lake initiative, connect with Eugene Goldlust and Khalil Zebdi.

