Panaseer issues cyber measurement guidance to protect enterprises from compromise
LONDON and NEW YORK, June 9, 2021 /PRNewswire/ -- Panaseer, the first Continuous Controls Monitoring (CCM) platform for enterprise security, today announces guidance on best practice cybersecurity measurements to help avoid incidents. Currently, there is limited industry guidance around the most important metrics to evaluate, and how to standardise calculations and policies as part of a high-quality security metrics programme. With the right metrics organisations improve visibility into and raise their security posture, helping to limit exposure to successful attacks, such as ransomware, or vulnerabilities including FireEye or SolarWinds.
Among highly regulated, global organisations, Panaseer has determined that the top ten most frequently used security metrics are (in order of popularity):
- Vulnerability remediation SLA compliance
- Endpoint detection SLA compliance
- Vulnerability scan coverage
- CMDB inventory completeness coverage
- Endpoint detection coverage
- Vulnerability outlier analysis
- Active Directory enrolment coverage
- Application security scan coverage
- Application security SLA compliance
- Active employee leavers
Panaseer's CCM platform includes these and hundreds of other best practice security metrics via its new in-platform Security Metrics Catalogue. In addition to Panaseer's expertise, the Security Metrics Catalogue has been curated from a wide community of customers, industry experts, framework organisations such as NIST and in collaboration with the Center for Internet Security (CIS). The proposition also provides recommendations to enable security teams to instantly improve their security metrics programme overall via metric groupings that include a 'getting started' collection, a peer-based recommendation collection, a customer favourites collection, and access to newly emerging metric suggestions.
The company is also sharing best practices with the broader industry, through a new free resource, in a 'Security Metrics Hub.' It includes advice and educational security measurement material aimed to help enterprises overcome the challenge of determining the most impactful metrics for their programme.
CCM is fast becoming a required capability for regulated enterprises. The technology is solving one of the biggest challenges in cybersecurity today – enterprises do not know if their security controls are providing full protection at any given moment. Last year CCM was included as a new category in Gartner's Risk Management Hype Cycle.
Andrew Jaquith, industry veteran, CISO of QOMPLX Inc, and author of Security Metrics: Replacing Fear, Uncertainty, and Doubt, comments: "As W. Edwards Deming put it, 'In God we trust. All others bring data.' Organizations need trustworthy data to show that their cybersecurity programs are keeping them safe and reducing risk effectively. Panaseer's Metrics Catalogue gives customers new options for using and sharing common cyber metrics, enabling better collaboration and elevating the state of practice."
Mike MacIntyre, VP Product, Panaseer, adds: "The only way to prevent a cyber-attack from succeeding is to have the proper cyber controls in place. However, cybersecurity control failures have topped the list of executive concerns, according to a recent report from Gartner, Inc. on emerging risks. This problem is fuelled by a lack of industry standards in the metrics that organisations should measure and monitor to best protect themselves. We are solving this industry issue by providing a blueprint of best-practice metrics, which are available in-platform for our customers, supported with valuable information on our website that's free for all."
Last year Panaseer commissioned a study of 400 security leaders* working in large financial services companies. The vast majority (96.77%) of respondents claimed they use metrics to measure their cyber posture. However, less than half of respondents (47.75%) could claim to be 'very confident' that they are using the right security metrics.
Panaseer is bringing together industry knowledge and best practices to increase overall confidence in enterprise security measurement programmes. For more information on the 10 most popular security metrics, please see: https://panaseer.com/security-metrics-hub/resources/10-most-popular-security-metrics/
About Panaseer
Panaseer is the first Continuous Controls Monitoring (CCM) platform for enterprise security. CCM solves one of the biggest challenges in cybersecurity today. Enterprises do not know if their security controls are providing full protection at any given moment in time. Panaseer's CCM platform uniquely correlates data from all security tools to identify and measure missing assets, control gaps, and advise on underperforming controls.
CCM has become a required capability for regulated enterprises. Last year CCM was included in Gartner's Hype Cycle under its Risk Management category. Recently, Momentum Cyber included CCM in its Cybersecurity Almanac, as a next generation technology that will shape the future of cybersecurity.
Panaseer's CCM platform was named as the 'Best Regulatory Compliance Tool and Solution' at the 2020 SC Awards Europe, and it also received the Editor's Choice award from Cyber
Defense Magazine for its 'Continuous Controls Monitoring platform' for the last two years in a row.
Panaseer clients include the world's largest institutions and enterprises. Its total funding to date is $43 million and its investors include: AllegisCyber Capital, National Grid Partners, Evolution Equity Partners, Notion, AlbionVC, Cisco Investments and Paladin Capital Group.
For more information: www.panaseer.com
Survey information
*400+ security decision makers, manager level and above (including CISO/ senior security/ risk officers), working in companies within the financial services industry with 5,000 – 25,000 employees in the UK and US, were surveyed by Censuswide in 2020.
Share this article