Security metrics and log data don’t have much value in and of themselves. The value is derived from the questions you ask and the information that you can extract from the security metrics and log data. If you have the wrong data or ask the wrong questions, you can actually do more harm than good.
I wrote this blog post about five ways security metrics may be damaging your security posture:
There is no shortage of data out there. Virtually everything with a power source is logging events and churning out data almost constantly—including all of your security tools. That data—your security metrics—can uncover valuable truths about your security posture if used and analyzed properly, but it can also be very misleading or completely useless.
Aaron Levenstein is credited with this little tidbit of wisdom: “Statistics are like bikinis. What they reveal is suggestive, but what they conceal is vital.” The bottom line is that your security metrics can help you uncover issues with your security posture and make more effective decisions about how to improve it, but only if you’re considering the right security metrics for the right reasons.
Here are five ways that security metrics can actually do more harm than good for your organization’s security:
1. Collecting too much data
You can’t just collect security data for the sake of collecting it. You can quickly amass gigabytes, terabytes or more of security metrics, and then you face the challenge of parsing and sifting through it all to ferret out the one or two valuable takeaways.
2. Gathering useless data
Part of the solution to gathering too much data is to make sure you’re only collecting data that has some relevant value. Some will argue that all data has value—it’s all in what questions you want to answer and how they’re asked. If the goal is to limit the volume of security metrics data, though, you have to use some discretion about which security metrics matter and which data you want to gather.
3. Lacking the skills and/or tools to effectively analyze data
Collecting the security metrics data is just the beginning. A massive database of log data doesn’t provide any value until or unless you have both the right tools and skills to filter through it and figure out what it means.
Read the full post on the RSA Conference blog: Five Ways Security Metrics Do More Harm Than Good.