Single Pane Of Glass: Finding The Optimum Cybersecurity Tool

Joe Talarek, senior director, IT & cybersecurity, Turtle Beach.

At some point in our professional journey, we’ve all been confronted with this query: “What is the optimum security tool for the company, and how do we manage it?”

This spurs additional questions such as “Should we use a managed SOC, bring the SOC in-house or a combination of the two?” Also, for the CFOs out there (we didn’t forget you), we want it as opex-friendly as possible.

This task might seem straightforward at first, but it’s actually quite intricate. Consider it like an iceberg—small on top but vast underneath.

The first question to ask is what exactly your company is trying to protect and what the requirements are. Once you figure these out, you can start exploring various tools and services and develop a plan.

It appears simple enough to establish the needs: Identify what needs securing and get to work. However, the challenge lies in the detail.

For example, what IT considers crucial might not be seen as such by the finance or engineering departments. Through several discussions with the stakeholders, you can identify the data that requires protection. Likely, the findings will be fairly uniform and will align with the same two or three categories.

Now that you have the requirements, what’s next?

In this area, there are numerous tools or services at your disposal. They all overlap, and one tool will always be able to perform a task better than the other.

In my experience, I’ve witnessed and dealt with tool overload: lots of alerts from different tools that all tell me the same thing but in a slightly different way. This raises the question: which tool do I check for that alert?

Step 2: Demo some tools/services that meet your requirements.

Step 3: Which one meets your needs and budget?

Step 4: How hard or intrusive is it to implement and how involved is the ongoing care and feeding?

Fantastic—you’ve solved problems one and two. Now you have one or two tools generating lots of data. You’re all set, right?

Depending on the size of your organization, you may get thousands of alerts an hour. How do you sort all this data and determine what is a valid, actionable alert or just noise?

I would want a single pane of glass or “one tool to rule them all” to help alleviate this. If you can find a single tool that meets all the requirements, use it. If not, try the SIEM or the “single pane of glass” approach. Send all of your alerts to the SIEM and begin creating the necessary dashboards. The SIEM will assist in filtering out the background noise and excessive number of alerts so you can pay attention to the important ones.

Some dashboards which may be useful are as follows:

• Types of threats (malware, phishing, DDoS, etc.).

• Trend analysis of vulnerabilities over time.

• Most vulnerable assets or systems.

• Network traffic volume and patterns.

• Top sources and destinations of network traffic.

• Endpoint protection status (AV, XDR, etc.).

• Unusual or suspicious endpoint activities.

• Endpoint vulnerabilities and patching status.

These dashboards can be created using specialized security tools, security information and event management (SIEM) solutions, or custom-built solutions tailored to your organization’s needs. Regularly reviewing and analyzing these metrics will help you stay proactive in addressing security threats and continuously improving your organization’s security posture.
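To make the tool-overload problem and the SIEM approach concrete, here is a small added example (not from the original article or any vendor's product) of what a SIEM pipeline does with overlapping alerts: normalize each tool's fields onto one schema, merge alerts about the same asset and threat type, and count the result for two of the dashboards listed above. The tool names, field names, hostnames and sample alerts are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample alerts: three tools describing events in three different shapes.
EDR = [{"host": "WS-014", "ts": "2024-05-02T10:15:05", "category": "malware", "sev": "high"},
       {"host": "WS-022", "ts": "2024-05-02T11:40:00", "category": "phishing", "sev": "medium"}]
AV = [{"computer": "ws-014.corp.example", "time": "2024-05-02T10:15:40", "threat_type": "Malware", "level": 3}]
NDR = [{"src_host": "ws-014", "seen": "2024-05-02T10:17:10", "class": "malware", "priority": "HIGH"},
       {"src_host": "db-01", "seen": "2024-05-02T10:16:00", "class": "ddos", "priority": "low"}]

# Hypothetical per-tool field names for (asset, time, threat type, severity).
FIELD_MAP = {"edr": ("host", "ts", "category", "sev"),
             "av": ("computer", "time", "threat_type", "level"),
             "ndr": ("src_host", "seen", "class", "priority")}
SEVERITY = {"low": 1, "medium": 2, "high": 3, 1: 1, 2: 2, 3: 3}

def normalize(tool, raw):
    """Map one tool-specific alert onto the common schema."""
    asset_f, time_f, type_f, sev_f = FIELD_MAP[tool]
    sev = raw[sev_f]
    return {"tool": tool,
            "asset": raw[asset_f].split(".")[0].lower(),  # drop domain suffix, fold case
            "time": datetime.fromisoformat(raw[time_f]),
            "threat": raw[type_f].lower(),
            "severity": SEVERITY[sev.lower() if isinstance(sev, str) else sev]}

def correlate(alerts, window=timedelta(minutes=5)):
    """Merge alerts on the same asset and threat type while gaps stay within `window`."""
    incidents, open_by_key = [], {}
    for a in sorted(alerts, key=lambda x: x["time"]):
        key = (a["asset"], a["threat"])
        inc = open_by_key.get(key)
        if inc and a["time"] - inc["last_seen"] <= window:
            inc["tools"].add(a["tool"])                   # another tool, same story
            inc["last_seen"] = a["time"]
            inc["severity"] = max(inc["severity"], a["severity"])
        else:
            inc = {"asset": a["asset"], "threat": a["threat"], "tools": {a["tool"]},
                   "last_seen": a["time"], "severity": a["severity"]}
            incidents.append(inc)
            open_by_key[key] = inc
    return incidents

def dashboard(incidents):
    """Counts behind two dashboards: types of threats and most-alerted assets."""
    return {"by_threat": Counter(i["threat"] for i in incidents),
            "by_asset": Counter(i["asset"] for i in incidents).most_common()}

ALERTS = [normalize(t, r) for t, rows in (("edr", EDR), ("av", AV), ("ndr", NDR)) for r in rows]
INCIDENTS = correlate(ALERTS)
```

Five raw alerts collapse to three incidents here, and the merged incident records which tools agreed, which is a useful confidence signal when triaging.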

One size does not fit all in the world of cybersecurity. Each organization has unique requirements that must be addressed. The goal is to simplify the environment so you get the alerts that are most relevant and actionable.

This should aggregate all your data into one place for you. I hope this helps you on the path toward your single pane of glass.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
