October is National Cyber Security Awareness Month. Start your awareness journey now. START 
Skip to main content

An Inside Look at Making Visibility Definable and Measurable

As bad actors expand their range of targets in today’s threat environment, many boards of directors now recognize the strong correlation between cybersecurity and business health. 

Today’s board members expect security managers to define strategies and recommend investments in robust cybersecurity processes and controls. And they are demanding dynamic, real-time, unified critical data and visualizations for business-critical security metrics. Such security metrics are critical for the board and executive management to evaluate business governance and risk-management performance so they can make strategic decisions.

Making Visibility Definable and Measurable

To learn more, Arctic Wolf sought insight from key individuals within SANS, including curriculum leads, instructors, and analysts. A common theme emerged: Good visibility encompasses the triad of people, processes, and technology. It requires communication across differing organizational aims—and a balancing act between management and technical goals, as well as between business and security objectives.

An empty boardroom with a blurred out background.

An organization must build a visibility strategy that complements its security profile to properly assess where it should direct resources to for future improvement. To achieve this requires an interdisciplinary approach, one that SANS took in Making Visibility Definable and Measurable. 

In the report, four unique challenges to developing a systematic approach to visibility are discussed. Among the list: 

Policy

The first major challenge is establishing organizational commitment to security, both as required by regulation, as well as what is needed to protect and defend the business. Development of a strong security culture starts with understanding security risk across the enterprise, knowing how the pieces—from management commitment to asset management to operational security—fit together to reduce that risk to an acceptable level. 

To facilitate cross-organizational communication and cooperation, stakeholders at all levels (analysts and management alike) must comprehend what they are looking at in
the context of their roles. They also need to ask and answer the right questions, including why certain data needs to be protected or why certain activities need to be recorded and monitored.

Risk Management

To effectively estimate and communicate risk requires completeness, accuracy, and relevant information to address the questions being asked. Asset inventory and management remains a challenge for many organizations, especially with the 2020 shift to remote work. 

In the SANS 2021 Endpoint Monitoring in a Dispersed World Survey, only 25% of survey respondents indicated that they use endpoint monitoring solutions that have cloud- or DMZ- based servers, which are needed for data capture even if devices are off the organization’s network. This has a big impact on how organizations maintain visibility into their endpoints. Central management only goes so far when it is limited to the corporate network.

Get a Clear Look at Security Visibility

A SANS 2021 Report: Making Visibility Definable and Measurable explains what visibility means, helps you understand its challenges, explores the three different types of security states and today’s top visibility gaps, includes a supply chain attack timeline, and more. Download now.