Real-time visibility of your security estate: is it possible?

By Lior Arbel, Encore's Chief Technical Officer



Spare some sympathy for leaders with security in their portfolio - especially anyone who has just started a new position! CISOs, Heads of Compliance and Security Managers everywhere run into the same problem: they don't know what is going on in the security estate they inherited. Yet they must demonstrate they are on top of things, report risks, and present a strategic security future to the business. Usually, they will not even have the grace period of a hundred days from starting their role.


Scary stuff, especially when few large security estates will play along. A typical medium company or large enterprise relies on a convoluted security product landscape full of different solutions brought in at various times. Each aims to address specific problems, yet they rarely operate in concert. And they are often not fully implemented. The result is fracturing, a fundamental problem with modern security. A fractured security estate is full of gaps, creating security threats, wasted resources, and unnecessary spending.


It's tough to create comprehensive visibility of such a situation. Reporting can take a long time - 83% of CISOs say it takes a week or more to get good reports as teams correlate different data sets. Reporting typically also depends on individual system agents that deliver different metrics in various formats. Then all that data has to be consolidated and reflected against threat considerations - often a manual task that takes time and involves valuable skilled labour.


But try to explain that to executives, boards or risk committees. Isn't that why they hired the security chief in the first place? Isn't it the head of security's job to fix the mess - and do so as quickly as possible? Yet the situation is stacked against the CISO and almost inevitably forces them to keep running in tactical and operational modes. How can one put a strategy in place when so much is unknown? It is sometimes a guessing game, hoping for the best.


How to create near-real-time security estate reporting

Fortunately, the situation is not unique to digital security chiefs. Cybersecurity vendors and managed security service providers have the same problem. They need a comprehensive, granular and up-to-date view of a customer's security estate. Without this view, they cannot make quick and contextual decisions that impact the environment. And if they try to collect data and create that view, they run into similar barriers.


These are the reasons why we created Encore.


Encore did not start as a customer-facing service. It evolved in the MSSP space as a way to establish reliable and up-to-date visibility of customer security. Which services do customers run? What are the conditions and statuses of those services? Are there overlaps or missing features? Are they ranked along a spectrum of threat levels? And how do the conditions look when compared to threat intelligence?


Above all, can we have this information right now - not next week?


So we built Encore, a platform that enhances our security service delivery. Soon, customers started to demand direct access to the service.


Encore is a cloud-based service (SaaS). It uses APIs to connect with security services, probing them directly and reporting the results into a coherent data format. Since it's a cloud platform, Encore deploys quickly and unobtrusively. Through proprietary analysis tools, we combine internal risk areas with reported data, using open source threat intelligence. The outcome is a consolidated dashboard view of all the security estate's systems: their performance, risks, gaps, and activities - ranked by levels of severity and urgency.


Encore keeps the data updated by querying the different systems every hour. That's near-real-time, and a lot faster than relying on manually compiled, weeks-old data.


It's a gamechanger for security visibility. Our customers use Encore to create quick and comprehensive snapshots of their security, fix problems, identify redundant or overlapping services, and call out under-utilised and poorly implemented solutions.


Encore puts CISOs back in charge, especially if they've just started in a new role. They can identify risk areas quickly, remediate them, and show improvement over time. It allows them to reach their first 100 days without chasing the tails of vulnerabilities, poor patching, implementation gaps and wasted security spending. The time to value is incredible, and the savings from removing redundancies and underperforming services make Encore an invaluable investment.