For new security practitioners, deciding which security products are the best investment can be overwhelming, especially with so many vendors making promises to solve all of your security problems.
Most of us who are new to the job are looking to impress, and in business terms, that means spending wisely. For those who are looking to weed through the ocean of security solutions to find the most applicable product that addresses your business-specific risk while offering the best return on investment (ROI), use cases can be extremely helpful.
Here are some tips from industry leaders on how to make better spending decisions by knowing your internal issues and looking to use cases to help you solve them.
Do a risk assessment
I can’t even attribute this tip to any one professional because it’s just good practice, a necessary step. Without knowing your business- and environment-specific risks, you can’t possibly invest in the right products to mitigate those risks.
“Know the regulations that matter to you,” said Jeannie Warner, security strategist at WhiteHat Security.
Whether it’s PII, Social Security numbers, credit card numbers or intellectual property, any of the data you own requires that you protect it.
Analyze the intelligence
Mischel Kwon, president and CEO of MKA Cyber, said use cases are important in understanding different types of attacks.
“We have a process that we use in consulting where we start with threat intelligence and intel analysis,” he said. “Vetting and analyzing the TI as it comes into an organization is one of the most important things to do, then you tag the intelligence with a use case scenario.”
From there, you can map use case detection requirement to the specific tools you need for your environment.
Think about internal requirements
Whether a product might be storing your logs offsite without your knowledge or creating issues with web filtering and SSL interception, there is potential that when a new product is introduced, it starts performing functions that are inline with your internal requirements.
Bilal Khan, global security and network manager at Argo Turboserve Corporation (ATC), said there is a wide range of issues from collecting meta data to indexing your data or not properly vetting your data that can pose privacy concerns.
Make sure your IT staff is up to snuff
If your environment isn’t well manicured, it can be a challenge to get things working together properly. Kwon said you have to make sure your IT staff has the ability to support a capability.
“You have the SOC capability to use a tool, but what you funded for resources doesn’t match what you funded for tools. Tools require skills, and that can be a money pitfall,” he said.
Rely on use cases
Most security products are designed to be really great at addressing certain problems but not others. Itzik Kolter co-founder and CTO at SafeBreach said, “Understanding the use cases for a security product is important to align what the product actually solves with the security issues an enterprise is trying to address.”
Next read this: