Measurement refers to the quantification of results obtained by using measurement tools. Key Performance Indicators (KPIs) are a common method for measuring the success or failure of a business goal, function or objective and are a means of providing actionable information on which informed decisions can be based. Most security operations goals are largely focused on positive or negative trends over time rather than achieving a specific target.
Measurement of security information is key for making informed tactical and strategic security decisions. Combined with security automation and orchestration, measurement is the third critical component of a SOAR solution.
Information to support tactical decisions typically consists of incident data, targeted towards analysts and managers, which may include indicators of compromise, related events, assets, process status and threat intelligence, while strategic information is targeted towards managers and executives and is used to make informed high-level decisions. Strategic information may include incident trends and statistics, associated costs, threat intelligence and incident correlation. More advanced security programs may also use strategic information to enable proactive threat hunting.
Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.
See IncMan SOAR in Action.