As the global threat landscape evolves and security resources remain limited, security leaders have had to re-think historic approaches to security risk assessments to meet the demands of unpredictable threat environments and ever-changing business needs.
Forward-looking security practitioners are now leveraging data to conduct quantitative, data-driven risk assessments, reducing the need for global travel among their teams and resulting in real-time risk data that has a meaningful impact on security operations, business investment, and resource allocation.
As security functions take this leap and teams begin to leverage multiple streams of security data to measure risk, one pain point is proving harder to overcome than the rest: device data.
Device data tells security practitioners what kind of technical security controls are in place and how well those controls mitigate against any variety of security threats. While a standard site assessment might determine whether or not a site is equipped with a type of security system, it is only with device data that we can determine how well those systems are functioning. Without actionable device data, it is nearly impossible to accurately measure risks posed to company assets.
As HiveWatch teams work with our customers to untangle device data, some key trends have begun to emerge.
Here are the three most common reasons device data is difficult for security practitioners to leverage:
Disparate security devices are the norm
As many security leaders will tell you, it is not uncommon to have multiple security systems and device types monitoring assets at the same organization. Security teams often inherit disparate security systems across their portfolio, which results in noticeably different reporting capabilities and data types available from those devices. This variance in device type and subsequent data output makes it a challenge to collect, standardize, and analyze device data in meaningful ways.
Devices are not appropriately configured to collect relevant data
For security practitioners with less technical knowledge, it is easy to assume that security devices are configured to collect as much relevant information as possible. This is not always the case however, and devices often require unique configurations to optimize data collection and reporting capabilities. Security teams may be losing out on years of impactful security data if devices are not appropriately configured at installation.
Systems data is unstructured and overwhelming
Device data, in its unstructured, raw form is nearly impossible to manage without the support of technical resources to clean, query, and visualize the data. While there are proactive steps security professionals can take to ensure device data is usable, teams looking to leverage this data will always require the support of analysts to facilitate meaningful, quantitative security analysis on otherwise unruly datasets.
"Security teams often inherit disparate security systems across their portfolio, which results in noticeably different reporting capabilities and data types available from those devices. This variance in device type and subsequent data output makes it a challenge to collect, standardize, and analyze device data in meaningful ways."
As the Director of Account Management and Security Advisory at HiveWatch (and self-appointed risk assessment nerd) I have seen how HiveWatch software not only enables end-users to effectively do their jobs, but also how designing HiveWatch software with clean data collection, analysis, and reporting functionality has allowed security teams to leverage their own device data far beyond its obvious applications.
If you are interested in learning more about how HiveWatch is helping organizations wrap their arms around device data, please feel free to reach out or request a demo here.