How does your enterprise defense stack up?: nCircle Benchmark

Share this article:
How does your enterprise defense stack up?: nCircle Benchmark
How does your enterprise defense stack up?: nCircle Benchmark

Do you really care how your security is performing compared to other companies of your type? Maybe. After all, there may be commonalities in various areas that you can examine to gain some insight. 

For example, if you have a particular set of vulnerabilities that you are finding especially hard to manage, is there a chance that others have the same problem? Thinking along these lines leads to solutions for very challenging problems. It's akin to gaining the insight of an analyst so as to see with greater clarity. This month's First Look, nCircle Benchmark, addresses exactly that challenge and does it quite well.

This product was developed originally for the CISO, with the idea that this security executive could measure and report the state of the security tools they were using. Unfortunately, as with many report-based products, this presented challenges for lay people, such as C-suite personnel who needed to understand the presentations. The focus of this tool is performance – something executives understand well – rather than concentrating on the technical details.

When nCircle acquired Clearpoint Metrics, it immediately took advantage of the Clearpoint scorecard system to provide comparisons with similar businesses. The nice thing about this tool is that it can report on multiple levels. For example, it can give security professionals somewhat more drilled-down reports that help with remediation and tuning. At the same time, the scorecards offer the less technically inclined a clear look at the performance of the company's security efforts.

This is heavily strategic. It helps answer such questions as, “Which investments in people and products are effective and which are not?” It helps determine if these investments actually are supporting the organization's strategic priorities. It also helps in setting those priorities, and then measuring performance against them.

The product is, at least partly, cloud-based. The user installs agents – called “data adapters” – for devices that it wishes to monitor. These connect to nCircle where the metrics calculated on the user's site are aggregated into scorecards. Because the data adaptors use standard APIs, the implementation is smooth and straightforward. The user side of the deployment also is very lightweight.

There is a lot to like about this approach. Some things that struck us, in the free implementation, were the ability to use the product/service at no cost for as long as one wishes. That gives time for a reasonable evaluation, unlike typical 30-day trial periods.

We also like that the heavy work is done at nCircle. In the SC Lab's virtual clusters, we expend a lot of cycles with various forms of monitoring. We have no choice but to keep it local because our students are using these tools as part of the education process. But in a production environment, there is a lot to be said for offloading the heavy lifting, especially if the security of the data can be assured – as nCircle claims.

The scorecards are interesting, but the trending against performance standards and internal benchmarks is extremely useful. Probably the nicest feature of Benchmark is the thinking that went into it. The notion of sticking to performance and economic measurements is an absolute necessity for today's enterprises. It's taken us a long time to get to that mindset, but it is exactly where we need to be. It also is a game changer for how we as security professionals get share of mind with the leaders in the C-suite. 


Product: nCircle Benchmark

Company: nCircle

Price: Basic edition is free. Standard and Premium editions offer more benchmarks, scorecards and customizable metrics, and start at $550 per month per Scorecard Pack.

What it does: Provides a performance-centered view of the efficacy of the security tools, techniques and people expected to protect the enterprise. Presented both as trending and as scorecards when compared against other organizations of the same type.

What we liked: We especially like the approach to managing the security issues that security administrators and engineers struggle with in a way that lay people can appreciate and find useful.

What we didn't like: Nothing, really. For us, the jury still is out a bit on the value of comparing an enterprise against similar enterprises in similar silos. Time and the market will work that one out though.


Share this article:
close

Next Article in First Looks

Sign up to our newsletters

More in First Looks

AhnLab's MDS: A comprehensive approach to malware management

AhnLab's MDS: A comprehensive approach to malware management

AhnLab refers to its product - MDS - as a malware defense system. I, however, think of it more as a malware management system.

Covering all the SAP bases

Covering all the SAP bases

X1 is an agentless SAP auditing tool that is able to map out entire SAP landscapes and display any insecure configurations on the individual elements of the landscape.

Digital forensic incident response in a box

Digital forensic incident response in a box

CIRT from AccessData Group is a full lifecycle forensic tool - from detecting to analyzing to remediating - and it's all in a single package.