Whenever I talk with clients interested in or anxious about cybersecurity, my first question falls to, “What are you protecting against?” Invariably, the initial response comes out as “everything.”

While we all want this outcome, it cannot happen, it does not happen and it will not happen. Entities must focus and dedicate a solution around business objectives, need, risk and organizational capability. When designing, purchasing and deploying a cybersecurity environment, there is only so much time, money and expertise available. To help clients narrow their “everything” down to a more realistic and manageable answer, we focus on use cases. These simple statements cover numerous areas and map to specific rules in a log aggregation system or security information and event management (SIEM) platform.

By understanding what use cases most immediately relate to a business or organization, we can deploy a solution that delivers technical data rapidly, thus granting the next level of security to our customers. Engaging experts in use case analysis and review through focused workshops presents a clear opportunity for organizations to understand their needs and plan a road map for future maturity.

Executive Sponsorship Is Critical

Cybersecurity solutions must start at the top with executive sponsorship and alignment with business objectives. Technology purchases, deployments and configurations flow as a natural outcome of business requirements. Use cases align business goals with technological capabilities. While the term “use case” may evoke different meanings or elicit various responses from different parties, it usually revolves around what a solution strives to accomplish. Organizations that want to build and maintain a viable and valuable cybersecurity defensive posture must understand what use cases are and how they will benefit the organization. Additionally, these businesses must make sure they have the tools and staff in place to successfully manage and maintain deployed and future use cases.

Identifying the correct use cases and how to implement, tune and monitor rules enabling successful deployment takes time, focus, business ownership and follow-up. When an organization decides to deploy cybersecurity people, processes and technologies, they must also determine what they must protect against. Many entities look at their competition and similar businesses in their markets to see what they do, and then pattern their implementations accordingly. While this technique delivers success quite frequently, it cannot be a single method for a company to follow. Organizations must look inward and see what risks they face and then compare those to other businesses in the same arena.

Focus on Real-World Situations

Deciding which use cases best meet the needs of a company requires a thorough understanding of the business goals, technologies in use and clarity around what the people monitoring, managing and maintaining the use cases can do. Some use cases are relatively clear and simple to implement and manage, while others take substantial technologies and skill to tune to such a level that the organization can successfully utilize the output surrounding the use case.

Examples include protection against a distributed denial-of-service (DDoS) attack or a spear phishing campaign. The DDoS use case may rely simply on the volume of traffic hitting external firewalls. A spear phishing use case, by contrast, may need traffic flow analysis, network insight that includes packet inspection (up to and including specific text within emails) and the capability to search for and identify specific artifacts related to the attack. While all organizations would inherently want both capabilities, not all have the tools or expertise to implement, execute and manage these use cases properly.

One way to reduce the seemingly overwhelming task of identifying the use cases that specifically help an organization is to focus on regulatory and legal requirements. Simple examples include financial services entities focusing on use cases around Sarbanes-Oxley and/or PCI-DSS policies and requirements. Healthcare organizations can dedicate their use case focus around the Health Insurance Portability and Accountability Act (HIPAA). Several use cases that protect these organizations from a compliance issue deal with authorization and access restrictions. Building use cases around these areas ensures the business can comply with the specific regulations as well as guarantee they are in line with their competitors and peer organizations.
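The two kinds of use case described above, a volume-based rule on external firewall traffic and an authorization rule on access to a regulated system, are easiest to understand as concrete SIEM rules run over log lines. The following Python is an added illustration, not code from the original article or from any SIEM vendor: the log format, field names, the 30-second window, the threshold of 10 connections and the authorization table for `finance-db` are all assumptions constructed for the example.

```python
"""Two SIEM-style use cases expressed as rules over constructed log lines.

Added illustration, not code from the original article. The log format,
field names, thresholds and the authorization table are assumptions made
for this example, not any vendor's SIEM schema.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log: "<ISO-8601 timestamp> <log source> key=value ...".
NORMAL_TRAFFIC = [
    "2023-05-01T10:00:00+00:00 firewall action=allow src=198.51.100.7 dst=203.0.113.10 dport=443",
    "2023-05-01T10:00:04+00:00 firewall action=allow src=198.51.100.8 dst=203.0.113.10 dport=443",
    "2023-05-01T10:00:09+00:00 firewall action=deny src=198.51.100.9 dst=203.0.113.11 dport=22",
]
# Constructed burst: twelve distinct sources hit one public address within eleven seconds.
BURST_TRAFFIC = [
    f"2023-05-01T10:05:{i:02d}+00:00 firewall action=deny src=192.0.2.{i} dst=203.0.113.10 dport=443"
    for i in range(12)
]
ACCESS_LOG = [
    "2023-05-01T10:06:00+00:00 auth user=alice resource=finance-db result=success",
    "2023-05-01T10:06:30+00:00 auth user=carol resource=finance-db result=success",
    "2023-05-01T10:07:00+00:00 auth user=bob resource=hr-portal result=success",
]
SAMPLE_LOG = NORMAL_TRAFFIC + BURST_TRAFFIC + ACCESS_LOG

# The access use case depends on an authorization table the business owns (assumed values).
RESTRICTED_RESOURCES = {"finance-db": {"alice", "bob"}}


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str
    fields: dict


def parse_line(line):
    """Split one log line into a timestamp, a log source and key=value fields."""
    ts_text, source, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return Event(datetime.fromisoformat(ts_text), source, fields)


def volumetric_traffic_rule(events, window=timedelta(seconds=30), threshold=10):
    """Use case: volumetric attack against an externally exposed address.

    Fires once per destination when at least `threshold` firewall events hit it
    inside a sliding `window`, regardless of the allow/deny verdict.
    """
    recent = defaultdict(deque)  # dst -> timestamps still inside the window
    alerted = set()
    alerts = []
    for ev in events:
        if ev.source != "firewall":
            continue
        dst = ev.fields["dst"]
        q = recent[dst]
        q.append(ev.ts)
        while ev.ts - q[0] > window:  # drop events that aged out of the window
            q.popleft()
        if len(q) >= threshold and dst not in alerted:
            alerted.add(dst)
            alerts.append({
                "use_case": "volumetric-traffic",
                "summary": f"{len(q)} connections to {dst} within {window.seconds}s",
            })
    return alerts


def restricted_access_rule(events, authorized=RESTRICTED_RESOURCES):
    """Use case: access to a regulated system by a user outside its authorized set."""
    alerts = []
    for ev in events:
        if ev.source != "auth":
            continue
        resource, user = ev.fields["resource"], ev.fields["user"]
        if resource in authorized and user not in authorized[resource]:
            alerts.append({
                "use_case": "restricted-access",
                "summary": f"{user} accessed {resource} (not in authorized set)",
            })
    return alerts


def run_use_cases(lines):
    """Parse the log once, then run every enabled use case over it in order."""
    events = sorted((parse_line(line) for line in lines), key=lambda e: e.ts)
    alerts = []
    for rule in (volumetric_traffic_rule, restricted_access_rule):
        alerts.extend(rule(events))
    return alerts


if __name__ == "__main__":
    for alert in run_use_cases(SAMPLE_LOG):
        print(f"[{alert['use_case']}] {alert['summary']}")
```

Each use case is a separate function with its own tunable parameters, which is the point the article makes about tuning: the firewall rule needs only a counter and a time window, while the access rule is only as good as the authorization table the business maintains behind it. On the constructed sample the first rule fires once for 203.0.113.10 and the second fires once for carol; the normal traffic alone produces no alert.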

Know What Your Business Needs to Move Forward

Use cases play a key role in enabling organizations to focus on relevant cybersecurity defenses. To deploy the proper use cases, businesses should understand the organization’s needs and goals. Investigating and understanding what competitors and peers protect against adds value, although this method cannot stand alone in determining which use cases a business should implement and focus on. Having the proper people, processes and technologies in place is a requirement for effective use case implementation and monitoring.

To assure a viable and successful cybersecurity defense, businesses need to know what they need to protect against and focus on deploying, managing and maintaining current and future SIEM use cases aligned with business goals and technology capabilities. Eliciting support from consulting practices to review current use cases, aligning them with business needs, and modifying or deploying new use cases will help customers focus on needs and increase cybersecurity maturity.
