Lessons from Customers: Enhancing Gutsy's Security Governance Features
How customer experience shaped Gutsy 24.05's ability to solve security governance challenges with data science
John Morello | June 4, 2024
Security governance is a hard problem - every organization has a unique combination of technology and processes they rely on to deliver security outcomes.
We talk with customers everyday about how data science helps them solve governance problems by enabling real understanding of how their organizations work, identifying the most critical risks, and measuring KPIs to mitigate them.
In the 24.05 release of Gutsy we’re delivering several new capabilities based on real world customer experiences to help make these tasks easier and help organizations deliver better security outcomes.
Key Risk Driver: Process Inconsistency
Process inconsistency is one of the key drivers of risk in many organizations. For example, if you design a vulnerability management process for patching critical vulnerabilities within 30 days you may think you’ve mitigated one of the most omnipresent security risks.
However, if you only follow that process 80% of the time, in just a few months that 20% of inconsistency may accrue to hundreds or thousands of systems with unpatched critical vulnerabilities. Historically, it’s been really hard for organizations to zoom out and understand how and why security processes get off track.
In 24.05 we’ve introduced several features that help organizations automatically categorize and organize the various paths processes can take at scale. These features help create that larger zoomed out view that enables understanding of the sources of inconsistencies. Critically, this makes it easier to set KPIs and take corrective actions when processes get off track.
As for our vulnerability management example, what we often see with customers is that the problem is not detection, nor even assignment, but rather delays in the deployment of fixes that result in process inconsistencies.
By making it possible to identify and take action on process inconsistencies proactively, Gutsy helps you deliver better security outcomes and lower risks.
Read more about these features here.
Process Blueprints
We often talk with customers that intuitively understand the importance of process and data to security but don’t think they’re at a maturity level to really drill into their current workflows.
Sometimes this is because they’re new to the role and haven’t had a chance to implement good security processes yet. Other times it’s because they have a complex set of interdependencies with other business units (like IT) and service providers (like MSSPs and MDRs) that they rely on for large parts of the workflows.
In 24.05, we’ve added a feature we’re calling process blueprints, which allow users to define how they’d like a given process to work in a simple drag and drop UX.
This blueprint then serves as a point of reference in our process explorer and dashboards that Gutsy uses to compare the as-is, observed state against. Thus, even if you’re not sure how a given security workflow is really functioning, you can use Gutsy to define the model of how you want it to work and then Gutsy will help measure performance towards that ideal state.
Read more about process blueprints here.
More Powerful Dashboard Views
Data isn’t powerful until you can analyze it from the perspectives that answer your questions. We’ve long supported this kind of analysis in Gutsy with views. Views allow you to slice and analyze your correlated, normalized, de-duplicated dataset to answer the questions that you care about. For example, one of our customers uses a view to track a key risk in their identity management program by showing users off boarded in the past year, after termination for cause, in which all their accounts were not fully removed.
In 24.05, Gutsy views become even more powerful, with the addition of a dedicated dashboard paired with each view. In the past, Gutsy automatically created dashboards for each process; now in 24.05 there are new tabs for every view within that process. This is a powerful new capability because it makes it easy to track and communicate about specific questions important to your organization.
For example, you might create a view that looks at the MTTR for critical vulnerabilities in your cloud accounts in Europe. Gutsy will automatically create a dashboard based on that filtered dataset that your European team can use to track progress towards their patching KPI and identify inefficiencies and inconsistencies that negatively impact it.
Read more about dashboards for view here.
We work with customers every day to help them use data to improve security governance. Much of what you see in Gutsy is a direct result of that work and these new features make it easier for customers to use our applied data science to deliver better security outcomes.
Learn more
Demos: Gutsy's Components