

The Comforting (or Discomforting?) Feeling of Objective Data Validation

It’s always nice to have conviction in your assumptions and hypotheses, but in the world we currently occupy there is a huge premium on truth, data and facts. I am, therefore, happy to announce the results of an objective data analysis that validates the huge scale of the problem that we’re addressing at CardinalOps. 

When Michael and I founded CardinalOps, we made a well-informed bet, based on our informal discussions with security operators, that SOC and, specifically, SIEM configurations were in disarray, causing unexpected threat exposure. As we explored various security industry challenges, we heard from many CISOs who expressed concerns about the quality of their security event data and the sufficiency of their threat alerting capabilities. We rarely heard anyone say: “we need more threat detection tools.” Rather, we regularly heard: “we have too many tools and not enough time to figure out how to deploy them effectively.”

It is with that hypothesis that Michael and I created the industry’s first Threat Coverage Optimization platform that leverages AI and Automation to identify the gap between theoretically optimum threat coverage, represented by the MITRE ATT&CK framework, and actual threat coverage, measured by actual SIEM and SOC tool configurations. We hypothesized that the gap would be large and therefore allow us to create significant value by providing automated recommendations for users to optimize their configurations.

Well, based on the growing body of live SIEM configuration data that we have, we can now definitively and objectively confirm this hypothesis. It is with somber satisfaction that we can now announce the results of our aggregated and anonymized data analysis, which confirms that average enterprise SIEM configurations are horribly “out of spec” and expose users to broad threats. While it is satisfying that our hypothesis is now confirmed, it is also deeply disturbing to find such broad prevalence of large threat coverage gaps. Fortunately, we are also developing an effective solution to this problem. Towards that end, we’ll have another announcement soon about the GA release of our Threat Coverage Optimization platform, which will provide security engineers with a fully automated solution to close these gaps and optimize their configurations. Stay tuned…