Network Security Operations Quant Report
By Mike Rothman
The lack of credible and relevant network security metrics has been a thorn in the side of security practitioners for years. We don’t know how to define success. We don’t know how to communicate value. And ultimately, we don’t even know what we should be tracking operationally to show improvement – or failure – in our network security activities. The Network Security Operations (NSO) Quant research project was initiated to address these issues.
The formal objective and scope of this project are:
The objective of Network Security Operations Quant is to develop a cost model for monitoring and managing network security devices that accurately reflects the associated financial and resource costs.
Our design goals for the project were to:
- Build the model in a manner that supports use as an operational efficiency model to help organizations optimize their network security monitoring and management processes, and compare costs of different options.
- Produce an open model, using the Totally Transparent Research process.
- Advance the state of IT metrics, particularly operational security metrics.
As you read through this report, it’s wise to keep the philosophy of Quant in mind: the high-level process framework is intended to cover all the tasks involved. That doesn’t mean you need to do everything, but this is a fairly exhaustive list. Individual organizations then pick and choose the steps appropriate for them. As such, this model is really an exhaustive framework that can kickstart your efforts to optimize network security operational processes.
You can check out the accompanying metrics model to enter data for your own environment.
Finally, we performed a survey to validate our primary research findings. Select data points are mentioned in the report, but if you want to check out the raw survey data (anonymized, of course), you can download the survey data here.