• United States



Contributing Writer

4 ways CISOs can improve security operations, increase ROI

Sep 11, 20173 mins
Network SecuritySecurity

Organizations will spend more on security operations, but CISOs need metrics to demonstrate ROI.

hundred dollar bills magnifying glass
Credit: Thinkstock

Overall, security operations are quite difficult, many organizations complain about too many manual processes, too many disconnected point tools, and a real shortage of the right skills. These issues can lead to lengthy incident detection and response cycles or worse yet, damaging data breaches. Just ask Equifax.

A recent ESG survey of 412 cybersecurity and IT professionals about their organization’s security analytics and operations found organizations know they have problems and are willing to address them. For example, 33% say their spending on security operations will increase significantly, while another 49% indicate that their security operations spending will increase somewhat.

While security operations spending will increase, it’s worth noting that 30% of cybersecurity professionals say that their biggest security operations challenge is the total cost of ownership. What does this mean? CISOs are willingly spending millions of dollars on security operations but getting marginal security efficacy and poor operational efficiency.

How CISOs can improve security operations

As the ESG data points out, business executives are more than willing to throw money at security operations problems, but they will demand that CISOs present them with all types of metrics demonstrating that increased investment is actually leading to improved results, such as improving the time needed for incident detection and response.

Bolstering these metrics won’t be easy, but based upon ESG research, CISOs can make progress by doing the following:

  • Creating a SOAPA integration plan. Leading CISOs are actively consolidating security technologies, eliminating vendors, and building a security operations and analytics platform architecture to unify detection and response tools across a common architecture.
  • Pushing for process automation and orchestration. Even well-resourced security teams can’t keep up with the scale and complexity of today’s threat landscape. Progressive organizations are using automation and orchestration for use cases such as investigations, threat hunting, and automated remediation to accelerate processes.
  • Unifying security and IT operations teams. Too often these teams have different goals and compensation, and they use diverse sets of tools in pursuit of their organizational mission. CIOs and CISOs are getting together to tear down walls between these groups, while SOAPA enables disparate groups to share data, prioritize tasks, and automate remediation actions.
  • Adopting advanced analytics. Amidst all of the industry hype, true innovation is happening in areas such as artificial intelligence and machine learning. CISOs should carefully research these technologies, determine which analytics tools fit their organization’s skills and strength, and embrace pilot projects.

As CISOs move forward with these initiatives, they should continually determine how to measure and report incremental and ongoing advancement they achieve with risk management, security efficacy, and operational efficiency. Successful CISOs will be the ones who can demonstrate and communicate real and honest progress anytime they are asked to do so.  

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author