Why Mature IT Security Requires Analytics


Pressure is mounting on IT organizations to swiftly adapt to rapidly evolving security threats. You need to use every tool in your toolbox—especially analytics—to rise to these new challenges.

Too often, we think about analytics in the background. Yet, powerful, responsive analytics are as important as vulnerability scanners, automated testing, or workflow management tools.

Not only can trends and ad-hoc reports answer questions and provide information, but real-time operational dashboards can drive behavior to support secure processes.

Use Real-Time Dashboards to Drive Rapid Response to Security Incidents

The first step to rapid response is the ability for users to quickly prioritize and respond to issues as they arise.

The following example, a quick report built with only a few clicks, shows team members their open work ordered by how long it has been open. This team leader's report highlights security incidents that have been lingering for more than one day:

Logged-in users can drill through that report and act immediately. One global IT organization deployed aging reports and had a 30% reduction in stale incidents.

Here, analytics isn’t just a passive process of tracking success, it’s driving improved success.

Analyze Data On-The-Fly to Identify Security Threats

The ability to quickly build ad-hoc reports on-the-fly with a wealth of data is key to investigating issues. You need to have the capability to spot a problem, ask questions, get results, and propose solutions within just a few clicks.

This next report harnesses the power of the CMDB to walk the relationships between CIs and identify which business services are experiencing the most security incidents:

Looking at that report, it’s easily apparent that two of the most targeted services are both experiencing a lot of incidents related to their web servers.

Another example combines data from two different tables – Security Incident and Assets – to identify which models of assets are experiencing the most security incidents:

Now you are getting past the question of how many security incidents and into the answer of why. Are there specific models experiencing disproportionate issues? Could we improve security by phasing those models out?

Also, are you surprised to see in that example that “Unknown” asset model has the most security incidents? Probably not – that brings us to the last area where analytics drives improved security:
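The cross-table report described above, written out as an added example (not ServiceNow's or Explore Analytics' own code): it left-joins a constructed Security Incident table to a constructed Asset table, counts incidents per asset model, and puts every incident with a missing, dangling or blank model link under "Unknown", then lists those rows so the data owner can fix them.

```python
"""Added example: incidents per asset model, with 'Unknown' as the data-quality signal.
Both tables below are constructed sample data, not real ServiceNow records."""
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed Asset table: asset sys_id -> model name ("" = model never recorded)
ASSETS: Dict[str, str] = {
    "a1": "Laptop X1",
    "a2": "Laptop X1",
    "a3": "Server R740",
    "a4": "",            # asset exists but its model field was left blank
}

# Constructed Security Incident table: (incident number, linked asset sys_id or None)
SECURITY_INCIDENTS: List[Tuple[str, Optional[str]]] = [
    ("SIR0001", "a1"), ("SIR0002", "a2"), ("SIR0003", "a3"),
    ("SIR0004", "a4"), ("SIR0005", None), ("SIR0006", "a9"),  # a9: dangling reference
    ("SIR0007", "a1"), ("SIR0008", None),
]


def model_for(asset_id: Optional[str], assets: Dict[str, str]) -> str:
    """Resolve an incident's asset link to a model name; anything unresolvable is 'Unknown'."""
    if not asset_id:                      # no CI linked on the incident at all
        return "Unknown"
    return assets.get(asset_id, "") or "Unknown"   # dangling id or blank model


def incidents_by_model(incidents, assets) -> List[Tuple[str, int]]:
    """The report: count security incidents per asset model, most incidents first."""
    counts = Counter(model_for(asset_id, assets) for _, asset_id in incidents)
    return counts.most_common()


def unlinked_incidents(incidents, assets) -> List[str]:
    """Drill-down behind the 'Unknown' bar: incidents the data owner needs to link to a real asset."""
    return [num for num, asset_id in incidents if model_for(asset_id, assets) == "Unknown"]


if __name__ == "__main__":
    for model, n in incidents_by_model(SECURITY_INCIDENTS, ASSETS):
        print(f"{model:12s} {n}")
    print("fix these:", unlinked_incidents(SECURITY_INCIDENTS, ASSETS))
```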

Leverage Analytics to Empower Users to Maintain Critical Reference Data

Data quality analytics bring together driving user behavior and investigating problems.

Data quality is the bedrock of processes because you can’t secure what you can’t see.

By creating a dashboard that shows data owners the quality of the data they're responsible for, you can both drive improved compliance and resolve underlying issues proactively.

The following dashboard, part of our pre-built CMDB Quality Application, has two components: KPIs showing the overall success of the data quality process, and a view for owners of business services to see what data issues their services have:

Again, the dashboard transforms behavior, rather than assigning audit tasks on an annual basis, which creates a lot of work all at once.

Analytics: The Bedrock of Ongoing Activity to Support Security

Are you using analytics as part of your security toolkit?

Analytics is a road to getting the entire organization working towards the same objectives, shaping their day-to-day activity towards quickly and thoroughly resolving issues with the information they need at their fingertips.

Proactive Analytics with Alerts

If you’re like me, then you want to keep on top of what’s going on. You want to identify problems and opportunities early, and you want to do so analytically.

An analytical solution gives you a wealth of reports and dashboards. You could start your day by reviewing this information. Alas, after a few days you discover that you don’t really have the time to review all those beautiful reports on a daily basis. You need something more proactive. You need alerts!


Alerts are not a new idea, but they are as important as ever. News alerts can tell you when your company is in the news. Stock alerts can tell you if your favorite stock is on the move. The same idea is true for your business analytics.

Turning Reports into Alerts

Consider these simple steps for converting any report, pivot, or chart into an alerting tool.

  • Define a threshold and only display information that crosses that threshold.
  • Schedule the report to text or email you the output only if it has any data.

If you pick the right threshold, you'll only get a text or email when your attention is needed: for example, when there's a significant change from the previous day, a commitment was breached, or a key indicator crossed a threshold.

Let’s look at a few examples:

  • You’re about to breach your service-level agreement
  • There’s been a drop in performance with significantly longer wait times
  • Your team’s backlog went above your target limit

Implementation

Using Explore Analytics, you can define an output filter. An output filter looks at the output of the report with its aggregated and calculated values and selects only the items that meet the filter selection. For example, if the report summarizes the backlog for each of your team members, the output filter can select members with a backlog of over 50 support tickets. On most days, this report will be empty. When the report is not empty, you’d like to be alerted.

(Figure: backlog by technician)

The second step in our implementation using Explore Analytics is the alerting. We do that by scheduling this report and requesting that it be sent only if it's not empty.


A couple things to note in the dialog:

  • The email address @vtext.com allows you to send an alert as a text message (SMS) to your phone. The address depends on your mobile carrier (the example is using Verizon).
  • The checkbox at the bottom of the dialog means that you will only get the text message if there’s at least one team member with a backlog over 50.
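The report-to-alert steps above (and the aging report in the first section, which follows the same filter-then-act pattern), as an added example that is not Explore Analytics code: a constructed ticket table is aggregated into backlog per technician, an output filter keeps only rows over the 50-ticket threshold, and the scheduled job returns nothing to send when that filtered output is empty. The recipient address and ticket data are placeholders.

```python
"""Added example: report -> output filter -> send only if not empty.
Tickets and the SMS gateway address are constructed placeholders."""
from collections import Counter
from typing import Dict, List, Optional, Tuple

BACKLOG_THRESHOLD = 50  # the post's example threshold

# Constructed sample tickets: (ticket number, assigned technician, state)
SAMPLE_TICKETS: List[Tuple[str, str, str]] = (
    [(f"INC{n:05d}", "alice", "open") for n in range(1, 62)]        # 61 open
    + [(f"INC{n:05d}", "bob", "open") for n in range(100, 120)]     # 20 open
    + [(f"INC{n:05d}", "carol", "open") for n in range(200, 252)]   # 52 open
    + [(f"INC{n:05d}", "carol", "closed") for n in range(300, 330)] # closed, not backlog
)


def backlog_by_technician(tickets) -> Dict[str, int]:
    """Report step: the aggregate the report computes, open tickets per assignee."""
    return dict(Counter(tech for _, tech, state in tickets if state == "open"))


def output_filter(report: Dict[str, int], threshold: int) -> Dict[str, int]:
    """Output filter: keep only rows whose aggregated value crosses the threshold."""
    return {tech: n for tech, n in report.items() if n > threshold}


def build_alert(tickets, threshold: int = BACKLOG_THRESHOLD) -> Optional[str]:
    """Scheduled run: the message to send, or None when the filtered report is empty
    (the 'send only if not empty' checkbox)."""
    rows = output_filter(backlog_by_technician(tickets), threshold)
    if not rows:
        return None
    body = "\n".join(f"{tech}: {n} open tickets (>{threshold})" for tech, n in sorted(rows.items()))
    return "Backlog alert\n" + body


def send_alert(message: Optional[str], recipient: str = "PHONE_NUMBER@vtext.com") -> bool:
    """Delivery stub for the SMS gateway address; returns True only if something was sent."""
    if message is None:
        return False
    print(f"To: {recipient}\n{message}")
    return True


if __name__ == "__main__":
    send_alert(build_alert(SAMPLE_TICKETS))
```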

Picking the Alert Threshold

What you want is a text or an email saying “hey, something is going on, you need to take a look.” The message should include the information so that you can immediately act on it.

Therefore, when picking the threshold, consider:

  • Is it actionable? If you’re not going to act on it, then don’t send it.
  • With alerts, you’re looking for exceptions. If you’re going to get the alert every day, then it’s not an exception and you’re likely to say “we should really do something about it” and promptly ignore it.
  • Don’t overwhelm yourself or your team members with too many alerts. Pick the really important ones or set the threshold higher. Let your team members define their own alerts.

Conclusion

Analytical alerts allow you to focus on exceptions and opportunities and proactively manage them. Information is actionable and you can immediately take action or delegate to the right person to take action.