We had an amazing Verodin customer dinner last night in San Francisco at Boulevard. In attendance were CISOs and security leaders from the Bay Area representing companies from the tech industry, retail, financial services, and local government. Also in attendance was none other than Frank Kim, former Kaiser Permanente and SANS CISO. Frank and I even shot a short video about security instrumentation that will be dropping in the next couple of months. He had some great insights, so keep an eye out for that.
This was an extremely seasoned and technical group that quickly understood the value of security instrumentation and asked probing questions about how it could be leveraged in their own environments. Like most security leaders, they are sick and tired of the same old approaches to security that result in little to no effort being spent on validating the efficacy of the actual security controls protecting their assets. Scan for vulnerabilities, great. Patch vulnerabilities, great. But what about validating the security controls protecting those assets?
If I boil down the conversations into just five key security instrumentation points that really resonated with the group, they are as follows:
- The Verodin Security Instrumentation Platform (SIP) can be used to validate that security controls and configuration changes are working across EDR, network, email, and cloud, including the security management stack such as SIEMs, firewall managers, endpoint security managers, etc.
- If something isn’t preventing, detecting, correlating, or alerting, Verodin SIP prescriptively details exactly what needs to be done and, when the change is made, it can be further validated to ensure the change was done correctly.
- If controls are found to be unnecessarily redundant or configurations simply can’t be tuned, patched, or updated to provide the needed level of value, Verodin SIP gives you the empirical data to justify a rip or rip-and-replace.
- Once controls are in a known good state, Verodin SIP provides Advanced Environmental Drift Analysis so you can manage by exception and be alerted when something that was blocking, detecting, or correlating, for example, has stopped doing its job.
- As it relates to talent acquisition, Verodin SIP allows an employer to safely execute real attacks in their production environment, thus triggering security controls to prevent, detect, correlate, and alert. While supervised in a SOC, a potential new hire is then measured on their security aptitude: Where should we look? What do we think is happening? What steps need to be taken to verify and mitigate?
It’s always great to be part of such a deep discussion with customers and hear about their real-life use cases and points of pain. One thing has become abundantly clear: the core value proposition for security instrumentation resonates with everyone. While the use cases vary, everyone wants to be able to answer the multimillion-dollar question: “Is our security effective?”