The Visibility Challenge in Security Operations

In my time both in the SOC and as a perimeter security engineer, the constant struggle was visibility and having to hop into multiple administrative consoles to investigate events or alerts. The goal was to “Tell a Story”: who accessed what data, via what application, over what network, using what device.

You can imagine how difficult and inefficient this was with siloed technologies or multiple admin consoles to visit. The second challenge was: what if there were gaps across those data points or, even worse, only a small sample of information?

This put me and my team at such a disadvantage when doing these investigations, and I know for a fact that occasionally the policy changes I made had an adverse impact on the user populace.

A Shift in Thought Mindset and Methodology

Shift in thought mindset and methodology! What if we had full visibility into the “User Journey”, answering all the relevant questions: what persona, with what device, over what network, to what application, that utilizes what data?

It would not only allow IT teams to strategically place technology controls where they can have the most impact, but also allow them to build resilient governance programs with the “User” in mind.

Engineering and SOC teams can not only efficiently understand what impact changes or investigations have on upstream and downstream processes but can hopefully also tell a more accurate story.

Wish I would have thought of this 10 years ago when I was sitting in the dark dungeons of the SOC or troubleshooting application issues through the firewall and proxy.

Loom Security

At Loom Security we are putting this methodology into action by building a new platform that visualizes the “User Journey” and answers those relevant questions. By grouping like access patterns and creating “Persona” mappings, the platform visualizes this journey from device to data, bubbling up interesting or “risky” patterns. This is important for many use cases but most notably for building an effective Identity Governance program, Zero Trust Framework strategy, or Data Security Program. The ability to answer the question of who accessed what, from what device, over what network, through what applications, to access what data will always enable customers to build resilient and efficient security programs.

One Last Thing...

FYI, it’s still not the firewall!!!!


Bryan Hutchinson
VP of Solutions Architecture

Bryan is a seasoned technology leader specializing in IT security and solutions architecture. He has a proven track record of driving strategic initiatives, fostering innovation, and delivering complex, cutting-edge technology solutions.