© Critical Informatics Inc., All Rights Reserved 2016

Threat Intelligence Blog

The Been There, Bled There Blog that covers, well, just about anything that we feel you can gain critical insight from. We wear our battle scars with pride and are grizzled enough to occasionally yell, “Get off of my Lawn!” As they say, “You Can’t Make This Stuff Up!”
(206) 687-9100
Pretty is the Enemy of Great
1/20/2016 By Mike Simon, CISSP, CTO

When the team at Critical Informatics started redesigning our managed service product from the ground up for version 2.0, we had to ask ourselves a lot of questions about how to build on our success with a popular model, eliminating weaknesses, improving features we liked and extending it in ways that continue to show value in a market where it seems like everyone is claiming “advanced analytics” as their not-so-secret sauce.

Often, in early planning for products, the earliest decisions are philosophical in nature rather than technical. This is reflected in my first post on version 2.0, where I explain that in many ways it’s all about getting to the question – and the answers follow. In this post, I want to talk about another philosophy that we adopted in 2.0 which drives our sales and marketing team crazy, and which we are still convinced was absolutely the right direction.

Critical Insight has a lot of features that are rare or non-existent in competitive products, like access to packet capture for perfect replay of network events, zero false positive reporting and human analysts in the loop for all reported events. What we don’t (yet) have is a beautiful customer portal that allows our customers to log in and view beautiful pie charts and bar graphs which represent security related activities on their network. We deliver a monthly report (with beautiful graphs) that shows these things, but even that report wasn’t a priority for us, because we are focused on something else: helping our customers with security events.

If Critical Insight is monitoring your network, our job is to spot potential problems, verify that they are real problems and report only real problems to your incident response process/team for action. To do that, we need analysis platforms, threat intelligence, raw data and truly amazing analysts all performing at peak efficiency to boil everything down into a FEMA style Incident Action Plan that you can use to respond to a confirmed incident. Note that nowhere in that description is an on-demand pie-chart of what APTs are pinging your firewall today as a customer experience. We selfishly created a ton of interface/analytical/visualization tools for our own internal analysts and nothing for you.

This flies in the face of every IDS/IPS/Dashboard/VisualizationOfSecurityDataWillSaveUsAll that we’ve ever seen, and believe me – our sales team isn’t happy about it. It DOES, however, provide our customers with the very things we promise. This is what allows Critical Insight to provide very very (very) expensive analyst time efficiently. For most of our customers, doing the nationwide search for an analyst with the skill, experience and capabilities to look at the fancy dashboard that most products produce and make sense of it is really out of the question. These folks are as rare as a 30 carat diamond and almost as expensive. Our focus has been around making the very best use of this hard to acquire talent and experience and providing it as a resource to our customers.

Maximizing the effectiveness of our analysts on your behalf will always remain our priority. For now, our monthly reporting satisfies that “death by numbers with colorful graphs” itch that the industry has assured us we must all scratch – but a live portal for data, analysis results and other dashboard-ey stuff is on the product roadmap. We can’t ever lose sight of what we MUST deliver though: curated analysis of security events from human analysts with sufficient detail for customer action.

I should probably mention that our analysts’ screens are not exactly objets d’art. If you hang out in the Critical Informatics Security Operations Center, you’ll see large screens full of text, meaningful to the development team and our analysts, but pretty densely packed for normal humans. The occasional bar chart will appear, but is quickly closed by an embarrassed looking analyst, hoping nobody saw it.

Mike Simon is the CTO of Critical Informatics.

