Beating the clock

Breakout time is a key and insightful metric to guide security teams on the importance of quick reactions.

advocates the 1–10–60 rule to define metrics for accountability and readiness. 1–10–60 is an easy-to-digest metric that shows boards of directors and C-suites how to make cybersecurity a top priority – and a way to measure if the organisation is meeting metrics. These three outcome-driven numbers can spell the difference between an organisation stopping an incident that is leading to a breach and experiencing catastrophic data loss, and can help the C-suite understand how the business performs and if it’s meeting its security policy and compliance goals, which should include:

• 1: Time to detection – Detect an incident or intrusion with automation: Within one minute
• 10: Time to investigation – The length of time it takes to find out if the incident is legitimate and determine next steps like containment or remediation: Within 10 minutes
• 60: Time to remediation – The time needed to eject the intruder and clean up the network: Within 60 minutes
www.intelligentciso.com | Issue 22
In order to keep up with the 1–10–60 rule, security teams must be able to answer the following questions within the given time frames and communicate them effectively back to the CISO: Within one minute, you should be able to identify if you’re under attack; within 10 you need to identify what is the most critical action to take; and in the hour, a strategy needs to be put in place and executed.

Technology innovators are helping with this process by filtering endpoint detection and response (EDR) data into actionable insights for both the CISO and the board via dashboards, and in line with SLAs and key metrics like 1–10–60. Despite this, the threat landscape continues to evolve in both complexity and scale, requiring adequate budget and resources to ensure CISOs and security teams can quickly respond to cyberattacks.

While not every organisation can easily achieve these fast reaction times, this rule provides a benchmark for CISOs to measure performance on a monthly or quarterly basis, hopefully helping them reduce this over time. This can help them to determine if practice and results are going in the right direction and can offer clarity for conversations regarding security posture with the board.

To avoid becoming headline news, businesses need to arm themselves with next-generation solutions. AI-driven cloud-native solutions are helping CISOs supercharge data analysis, allowing them to extract valuable insights in real time while freeing them up to focus on remediation strategies and remaining proactive, rather than reactive. All in all, they can feed into automation technology that helps an organisation beat the clock consistently – the way they need to, to survive in the cyber arena.
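The monthly benchmarking against 1–10–60 described above, as an added example that is not part of the original article: it computes per-phase medians from incident timestamps and flags which targets a month missed. The record fields, the sample incidents and the choice to time each phase from the end of the previous one are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# 1-10-60 targets in minutes, as stated in the article.
TARGETS = {"detect": 1, "investigate": 10, "remediate": 60}
STAGES = ("intrusion", "detected", "triaged", "remediated")

# Constructed sample records (not real incidents). Field names are assumptions:
# intrusion = first malicious activity, detected = alert raised,
# triaged = verdict and next step decided, remediated = intruder ejected.
INCIDENTS = [
    {"id": "INC-001", "intrusion": "2024-03-04T09:00:00", "detected": "2024-03-04T09:00:40",
     "triaged": "2024-03-04T09:08:10", "remediated": "2024-03-04T09:50:00"},
    {"id": "INC-002", "intrusion": "2024-03-11T14:00:00", "detected": "2024-03-11T14:03:00",
     "triaged": "2024-03-11T14:21:00", "remediated": "2024-03-11T15:45:00"},
    {"id": "INC-003", "intrusion": "2024-03-20T22:00:00", "detected": "2024-03-20T22:00:30",
     "triaged": "2024-03-20T22:09:30", "remediated": "2024-03-20T22:59:30"},
    {"id": "INC-004", "intrusion": "2024-04-02T08:00:00", "detected": "2024-04-02T08:05:00",
     "triaged": "2024-04-02T08:25:00", "remediated": "2024-04-02T09:55:00"},
    {"id": "INC-005", "intrusion": "2024-04-15T10:00:00", "detected": "2024-04-15T10:02:00",
     "triaged": "2024-04-15T10:10:00", "remediated": "2024-04-15T11:00:00"},
]

def phase_minutes(inc):
    """Minutes spent in each phase; KeyError on a missing field, ValueError if out of order."""
    t = [datetime.fromisoformat(inc[k]) for k in STAGES]
    if t != sorted(t):
        raise ValueError(f"{inc['id']}: timestamps out of order")
    deltas = [(b - a).total_seconds() / 60 for a, b in zip(t, t[1:])]
    return dict(zip(TARGETS, deltas))

def monthly_report(incidents):
    """Per month: median minutes per phase, incidents meeting all targets, breached phases."""
    by_month = defaultdict(list)
    for inc in incidents:
        by_month[inc["intrusion"][:7]].append(phase_minutes(inc))
    report = {}
    for month, rows in sorted(by_month.items()):
        medians = {p: round(median(r[p] for r in rows), 1) for p in TARGETS}
        met = sum(all(r[p] <= TARGETS[p] for p in TARGETS) for r in rows)
        report[month] = {"median": medians, "met_all": met, "total": len(rows),
                         "breached": [p for p in TARGETS if medians[p] > TARGETS[p]]}
    return report

if __name__ == "__main__":
    for month, row in monthly_report(INCIDENTS).items():
        print(month, row)
```

Medians are used rather than means so that one long-running incident does not hide an otherwise healthy month; the `met_all` count shows how many individual incidents stayed inside all three limits.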