Today’s cybersecurity and risk landscape is vast and ever changing. There are plenty of existing solutions as well as new offerings and vendors available in the marketplace. I have always been a big believer of matching tool solutions to specific problem sets to reach desired business outcomes. My goal is to extract “as much of the value as possible” out of my existing tool solutions, before investing in new ones. While there is not one “single tool” that does everything, it is possible to limit the number of solutions to the select set that best meet your business requirements. The best approach for tools selection, is to document your requirements and outcomes first, before moving into “Proof of Concept(POC)” stage. In my experience, not everyone follows that mantra and unfortunately moves to quickly into POC mode. That approach can be a recipe and likely probable cause for not having a successful tools rollout.
Here is a shortlist of a few key ingredients for achieving desired and successful results.
- Business Impact Analysis. When it comes to cybersecurity tools, it is imperative that the risk assessment and Business Impact Analysis be completed and reviewed first. Prior to any implementation of controls (or cybersecurity tools), the business risk needs to be quantified and assessed. I love the adage of“… you wouldn’t implement a $10 control for a $5 business risk”.
The same holds true for cybersecurity tools.
- Gather and document requirements. This effort will obviously include the various cybersecurity teams, but also gather some secondary requirements from network, unified communications, and even applications teams. While the cybersecurity and risk requirements will take centerstage for priority, it can be eye opening (in a good way) to see the various other teams in your organization weighing in on their security viewpoint and needs. It is often beneficial from a company Return On Investment (ROI) and justification perspective, to have other teams engaged. It can really help your cause in addressing your solution needs, by simply asking some of your peers if they have any requirements to address. The more teams involved means more potential value, which will bring a quicker return on the investment.
- Make the vendors address the requirements. While it seems common sense to the process, it unfortunately sometimes is not what happens. Ever attended a vendor meeting where they presented the benefits of their brand new shiny “widget”, and never addressed how their solution would address your actual requirements? I rest my case.
- Look for integration points. As companies and solutions grow, many times there will be new partnership arrangements and/or integration points via Application Programming Interface(API). Sharing information amongst your security tool stack can positively impact the overall efficiency. For example, if an alert from any tool set can be sent into your Security Information and Event Management (SIEM) or event correlation engine, there can be further drill downs between tools. These types of API integrations can positively impact your team’s workflow from getting an event to then drilling down into another data set from another tool set with context.
- After selection and purchase, prioritize the rollout. While it is a bit odd to mention, nothing stops the realization of value from a tool solution faster than “not deploying it”. Sometimes companies make their and purchase their tool selection but fall short in getting it running.
Business challenges and priorities shift fast these days, but it is important to get the tool solution rollout planned and executed as quickly as possible. Momentum and reducing time to value are your friends in rolling out a new solution.
- Share the Wins & success with management. After you have made your tool solution decision, install and configure the solution, and train your staff, you finally move on to production use cases. Your solution is ready to begin generating value to your team and organization. When it does, you will likely get some “Wins” while the solution goes about meeting your documentedrequirements.Winsareagreatthing,butintheirmidst,don’tforgettosharethesuccessstoriesand wins with your management. Management makes many decisions related to the business on a daily basis. It is good to share the success stories with them and reinforce the good decision-making process they executed. “Good decisions” that affect the organization in a positive manner, also have a positive impact on the company bottom line.
