Anyone who knows me knows I like golf. They also know that I’ve focused my career on helping organizations enable the best security solutions for protecting their information, assets, and networks. I’ve talked to hundreds of security leaders about their environments, challenges, and constraints. Repeatedly, not one of them can smile and confidently state they know the formula for success.
Some of these same leaders are also golfers. Even those who aren’t at the top of their game learn from each stroke and from the ups and downs of each hole. Through bad weather, bad luck, and blunders, they know that showing up and playing through will make them better players. Muscle memory develops, the skills to read the course improve, and the player begins to sense the important data points to evolve their game. Even though it’s against the formal rules of golf, occasionally they can call a mulligan and get a second chance. However, there are no mulligans in cyber security. The path to success for CISOs and security leaders is about balancing risk and continuous learning. Hard lessons come out of security incidents. Detecting threats early and taking decisive action is something everyone struggles with.
It’s our nature to address a problem by collecting data and trying to see if anything useful comes to light. There is plenty of data that is collected with security solutions, but its value is diminishing. It’s a lot like looking at another golfer’s scorecard and hoping to glean information that will improve your game. Without context, this data is not noteworthy. However, the original owner of that scorecard will have the historical perspective of that game. They will remember the pesky cold, or that the back nine of the course was soggy. They will also know if they played safe or experimented with some riskier shots. These behavioral aspects provide a rich context of the game, something the scorecard couldn’t capture.
It’s the visual cues of the course conditions and the player mechanics, like stance and swing style, that spectators love to see. It’s enlightening when the commentator can provide information on how the player did last tournament on this hole, and how it’s unusual for him to be using a nine iron in these conditions. If you were a player in this tournament, you wouldn’t have access to this information. You would focus on your game and hope for the best. Many siloed security solutions are also hoping for the best: hoping they are logging the important information that provides value in detecting risk and threats.
What if you had the ability to capture the subtle changes in activities and actions across an organization? It would be akin to capturing each player’s swing speed, stance distance, and swing path, along with club choice, for each hole. By leveraging this context-rich data, active baselines are established, and learned insight is derived from current and historical perspectives. It would point out that it’s unusual for this player to be using a nine iron from this distance.
I’m working on a new venture these days. My company is exploring how to give security teams this new perspective for understanding cyber threats and risks. I hear from customers and prospects how their security teams are chasing after too many false positives. They want to explore security solutions that can help them, but like golf’s 14-club limit, they must pick and choose. We’ve focused on security protections, but they all are showing limitations as the adversaries are moving too fast. I believe we need to counter this with better risk and threat detection. External threats, APTs, and insider threats are all out to steal sensitive information or to disrupt business. By directly capturing the signals of behavior across users and systems, insight is delivered. CISOs and security teams get a multiplier effect, continuous unsupervised learning about their organization’s activities and actions, and the uncovering of risk events of interest with a clear path to action. Because there are no mulligans in cyber security, I want to help organizations visualize their risk, so they will make better and faster decisions, keeping them on the green and driving toward effective security actions against the uncovered threats that are within their environments and cloud services.
Co-founder of Change Dynamix: Robert Capinjola