Are you ready for ‘Moneyball’ security?

Mike McKee, CEO of ObserveIT, lines up for a Security Slap Shot on the benefits of an evidence-based approach to security.

Are your security priorities driven by evidence or collective wisdom?

Security moves fast. We face an intense pressure to perform. Rapidly changing organizations and increasing attacks mean no breaks for security leaders. How do we protect our organizations amidst all this change — especially when we don’t always get the budget, support or staff we need to make it happen?

Mike McKee (LinkedIn), the CEO of ObserveIT, says it’s time we took a page from professional sports and applied the lessons of "Moneyball" to security. Now in his second year at the helm of ObserveIT, Mike is armed with more than 20 years of cross-functional, global experience in technology with the likes of Rapid7, PTC, HighWired.com, as well as serving in analyst roles at Broadview Associates, McKinsey & Company, and Goldman Sachs.

And, notably for Security Slap Shot readers, before Mike earned his MBA from Harvard, he played professional hockey as a defenseman for the Quebec Nordiques, where he scored his first NHL goal by zipping a slap shot past Wayne Gretzky.

You know this one is going to be good… and here it comes…

We need to use better data to manage our insider risk

It’s time for a "Moneyball" approach to security

As Billy Beane (pictured above at the premiere of "Moneyball") taught the world with his innovative management of the 2002 Oakland A’s — an approach that has since been mimicked throughout Major League Baseball — data matters. And not only that, but visibility into the right users and data at the right time in the right ways can be transformational.

Security teams have mountains of data at their fingertips — every keystroke and click by a user tells a story — but often they don’t have the tools to leverage the data proactively. Rather than poring through logs and files from several sources after a breach occurs to identify what happened before, during and after an incident, technology can tap into metadata and alert security teams — in real-time — about risky user behavior, including out-of-policy data access and activity.

Whether you want to call it "moneyball," "securityball" or "databall," the fact is we can now rely on metadata to tell us when people are not adhering to company policy — whether it’s a contractor, vendor, privileged user or business user acting maliciously or accidentally, or a user inadvertently sharing confidential data. Now the data can provide security teams with the full story.  

By monitoring users — trusted third parties, privileged users and business users — you can identify and eliminate insider threats.

Security teams are now empowered to move from a passive, preventative approach that requires heavy lifting by the security team to a more holistic and effective protection strategy. Let’s face it, DLP is like trying to catch a bullet. But lightweight insider threat technology that monitors and analyzes metadata behind the scenes, in real time, with flexible prevention capabilities, flips the equation. 

And, just like Billy Beane’s Oakland A’s — getting a tool that can detect insider threats in real time, streamline the investigation process, and prevent data exfiltration is not a budget buster. Virtually all organizations can afford this type of tool; they just need to understand the approach.

My analysis (color commentary)

The big takeaway for me is to use data — and our experience — to search for hidden (or less visible) ways to unlock value. In sports, that translates into competitive advantage (like competing against teams with 3x the payroll). In security, the same approach to searching out hidden value allows us to better protect information with the resources we have. Done right, it frees up our people to focus where we need them most.

That means asking the right questions and capturing the right data. And then working with the evidence — and our experience — to make increasingly better decisions. I also see this as an opportunity for security leaders to share with each other. Get excited about our "wins" and look for ways to increase value for the entire industry.

Aside: It was a real treat to talk about a security slap shot with an NHL veteran — a perfect fit for the goal (bad pun intended) for this concept. Thanks, Mike!

Your turn — react

Are you embracing the role of data and evidence to drive decisions? Is that allowing you to create value even when you feel it’s a struggle to compete against the changes and onslaught of attacks?

Tell me what you think by taking it to Twitter (@catalyst) to talk it out. Just bring your evidence for this one.
