Selling To The CISO: Cyber-Traffic, Presenting & Data Governance

NDR & XDR: What makes it better or preferable to EDR?

In short, it depends on your particular wants and needs. Each one has its own set of potential gaps to bear in mind, such as with EDR where you can only cover your endpoints. However, NDR provides a much wider range of coverage than EDR.

XDR, which includes entities like Mimecast, SentinelOne, Exabeam and Netskope, is better suited for larger network architectures that need a centralised threat detection approach. Palo Alto Networks’s XSIAM also provides a comprehensive approach, but covers an even wider range of bases and boundaries. For a service that provides EDR, NDR and XDR, Fortinet can be considered.

Other factors that influence the choice are budget, the boundaries it covers, and whether the foundation provides you with all your basic needs.

When presenting to the board, where do you start?

Three good points to focus on is the amount of detected threats, vulnerabilities that have surfaced, and controls maturity. One could also mention how well the staff is trained for this and whether they would need an education platform to skill-up.

Other points of discussion which  vulnerabilities are associated with risk. Then what would be the business impact, and lastly the most cost effective way to handle them. Bitsight and Cymulate are good places to look for 3rd-party risk management and detection.

Can the accountability for I.T. and Information Security in GDPR be placed on different members of the board?

From a GDPR perspective, it shouldn’t sit with just the Security, it should also sit with the Legal team, in the sense that it’s a list of policies and frameworks rather than security.

Data protection is about making sure we have the appropriate controls in place, we have awareness in place, we know how to respond to personal data being breached.

How do we present metrics that have value and insight that are not just technical or just numbers?

Get a baseline of measures prior to the changes, it’s good for comparison. Ideally, have an independent consultant do an evaluation for you, this way it’s easier to define areas that are doing well or lacking, and where more focus should be placed to bring it up to standard.

One could also use Bitsight, as a part of their analysis gives a board-level report, making it a bit easier to represent such data.

Focus on KPI’s by looking at security processes, then get to a point where you’re providing KRIs that are like aggregates of threats, vulnerabilities and controls maturity, as well as potential impacts like the value of key assets, key business processes, and how business information is processed.

What kind of tools are being used for data governance?

A service that can be utilised is Varonis. They’re expensive, and there are several other options currently available for data discovery and data governance.

One can look to services provided by OneIdentity and Thales for accessible pricing that still encompasses a good, broad service.