Reporting and Metrics
Security reporting is an area that has largely been compliance driven. A new security paradigm requires changes to the metrics and reports you focus on. When adding new capabilities in this area, ask if this will help you answer questions in the boardroom. Does the new reporting enhance your understanding of advanced attacks in your organization? Does it provide information on how you are doing against your peers?
Some of the key things to look for are existing and emerging attacks and trends over time and against industry averages — when there are shifts in trends, root causes for those, the time it takes to discover threats from when they first penetrated your organization, the time to containment and remediation from first discovery and trends as they relate to new investments in these areas.