Security metrics have always been a challenge for CISOs. Security leaders have to be able to show the benefits of the security investments they have made so far – and what improvements adding new technologies would bring. When news of a breach or attack becomes public, security leaders have to be able to answer the question, "Are we affected? How secure are we?" Pulling the relevant information is rarely straightforward or quick.
This is the problem Israeli startup SeeMetrics, which just emerged from stealth with $6 million in seed funding, hopes to solve with its security portfolio management platform. The platform consolidates all metrics data from across the organization and gives security teams a consolidated view into the security stack to identify coverage and gaps, writes Kelley Mak, a partner at Work-Bench Management. Work-Bench led the seed round for SeeMetrics this week, along with 8VC, AGP, Essence VC, K5 Global, and Verissimo, along with other unnamed angel investors.
Cybersecurity performance management solutions help CISOs assess the performance of the security stack performance at that moment, says Mike Admon, CTO/CISO of SeeMetrics. The company's CPM platform "helps CISOs and other cybersecurity stakeholders streamline decision making with a risk-based but outcome-driven approach to cybersecurity assessment and management," he writes.
The SeeMetrics platform also lets CISOs track the security program against industry benchmarks and standards (such as NIST, ISO, and others). Security leaders can look at the operational metrics drawn from their security stack and immediately identify gaps, inefficiencies, and areas for improvement, allowing them to make decisions quickly.
Many CISOs are relying on customized spreadsheets and manual business intelligence dashboards, which require lots of time, personnel, and resources to work with, Mak notes. Even data visualization tools require someone with the expertise to apply proper parameters and to understand which data is useful. CISOs regularly shift focus in light of emerging threats, and identifying new parameters makes the process of getting the metrics time-consuming.
“Going forward, we can expect security metrics to play an even larger role for security teams,” Mak writes, noting that it will provide security leaders visibility into how their security budget is spent and which investments are paying off.