Everything in security boils down to data. Often, you are protecting private, sensitive or valuable data. You use data about data (Metadata). You monitor data about how people use your data (Security Events). You gather data on data in order to focus your attention (Security Alerts). You need data about what bad guys are doing to acquire your data (Threat Intelligence). You even need data about the data that measures your data (Telemetry). All this data is overwhelming! You do not want too much data. You do not want too little data. You want data that is juuuuuuust right. But that’s another story for another day…
This is a story about what happens when you have the right amount of Security Event data, but the data is not aligned with the truth or the whole picture. This is the story of Bad Data in Third Party Cybersecurity Monitoring (TPCM). (TPCM is one type of Continuous Monitoring, a best practice for gaining a real-time understanding of risks to your organization.)
Data itself can have a strong personality like the wolf who confronts Little Red Riding Hood. Data can appear to be on-target, relevant, reliable and easy to change…or it could be the opposite:
There are three characters in this story:
Cyber Monitoring Firms are known as Security Ratings Services for the scores they assign to a vendor’s security posture. There are other players in this space that focus more on your security than on the security of your vendors. They are referred to as Cyber Threat Intelligence services. For the sake of simplicity, we will call them all Monitoring Firms.
Monitoring Firms gather information about a vendor’s security practices. Monitoring Firms often provide a score or rating, with letters or numbers, much like a report card or a credit score. Monitoring Firms highlight good and bad indicators in their rating systems. Monitoring Firms can notify you when indicators of how safely Vendors access and treat your data change positively or negatively.
A Monitoring Firm’s ability to guide vendor selection depends on how the Monitoring Firm interprets and presents a Vendor’s data to you. The following infographic and text detail the four most pervasive issues in bad data in TPCM:
Accuracy – A security event’s alignment with reality
Relevance – Alignment of alerts with customer needs and perspective on risk
Intelligence Reliability – Trustworthiness of intelligence sources used to create ratings, events and alerts
Correction Agility – A Monitoring Firm’s ability to nimbly correct issues
We hope this introduction to these measures of data quality by way of fairy tale will help you better understand all that goes into vendor security ratings and events. Now you know the characters and the plot – but this is just chapter one! In the weeks ahead, we will dig deeper into each of these areas to better understand the current state of practice and opportunities for improvement across the Third Party Cyber Monitoring field.