Request A Consultation
Jerry Dawkins and Argo

INTRODUCING

the Argo Security Management Platform

By Jerald Dawkins, Ph.D., Chief Technology Officer, CISO Global, Inc.

Introducing Argo Security Management: A CISO Global platform designed to make your life a little bit easier

At CISO Global, we’ve been using a platform with clients for several years to help them manage their security programs. So, maybe “introducing” isn’t really the right word. Built out of our own need for something we couldn’t find on the market, Argo Security Management helps security program managers do what they do every day, only better and faster.

There are so many challenges facing cybersecurity practitioners that it’s resulted in a tremendous amount of turnover. That doesn’t look to be trending in the right direction, either. We wanted to do something to ease these challenges – for our clients, and for the industry in general.

The challenge of measuring risk

CISOs use a wide variety of toolsets, vendors, and services to run their security programs – and that list is only growing year over year: EDR, firewalls, SIEM, backup servers, patch and vulnerability management tools, pen tests, GRC trackers, risk assessment reports.  In fact, on any given day a CISO is looking at lot of disparate datasets and trying to bring it all together to understand, What is the risk to my organization right now?

If I’m a CISO, I want to know – Are my controls effective? What’s changed since the last time I reviewed these datasets? How does the data from this function interact with or impact data from that one? Where are my gaps? What new things do I need to bring to bear to support my organization? This is a significant challenge for CISOs. I’ve personally served as an outsourced CISO for many organizations in the past, and we consult with CISOs every day. It didn’t make sense to us that CISOs are responsible for a whole program, but all their vendors provide data that’s designed to make their offering look good – instead of really showing you what you need to see in an integrated way. Those kinds of metrics really just make you a better user of their product, rather than helping you see actual risk across your entire digital estate.

Visibility is dismal in most cases

To impact risk, you have to be able to make informed decisions, but your visibility is so limited with vendor-provided software, because they’re limited to what that product vendor wants you to see. A firewall provider is going to give you information about your firewall. A SIEM provider is just going to give you event alerts. You get the idea. Some vendors will aggregate their products into a portal, but that portal is still proprietary. Maybe one provider has the best SIEM technology, but you want to use another provider for your firewall. Why should you be limited in what you choose to implement? You need to architect solutions that are right for your environment, and everything should be playing together nicely – but more often than not, it doesn’t because of this lack of visibility. We found that our clients were wasting a tremendous amount of time just trying to understand how metrics in one platform impacted other services and tools. They were struggling to see trends due to the disparate and sprawling nature of this data. How could they make the kinds of quick decisions needed to secure a whole enterprise? They had a tremendous amount of data – just not necessarily the right data, and not necessarily in a very accessible format that made sense with everything else they needed to see.

Data formatting and delivery challenges

Another challenge is incorporating data from risk assessments and pen tests, because in most cases, you get a PDF report with a list of findings. It isn’t contextualized within your overall program. So, there’s one more format for data that has to be incorporated – and translated into action items you can track over time, using metrics, rather than checklists. You should be able to incorporate all of this information together to understand your risk, as well as your progress.

We recommend that our clients implement a GRC solution to replace compliance documentation spreadsheets, but that still gives them one more product to manage. We were working from the fundamental belief that your GRC solution should integrate with everything else, so you can track everything in the same place.

Argo was built from our own wish list

Having served as fractional CISOs for years, our experts were dealing with the same problems our clients were. It just took so long to pull all the relevant data, curate it properly, and understand it in aggregate that we finally just built our own platform.

We decided on these three main principles:

  1. Take a “digital first” approach.
  2. Curate disparate security data sets.
  3. Make it easy to navigate, report, and “zoom in”.
  4. Leverage data science and AI.

These core tenets have guided our progress in developing, testing, and refining the Argo Security Management platform from day one, and we keep them in front of us as we continue to develop new features.

1.Take a digital-first approach

This is really at the heart of what Argo is in terms of managing your cybersecurity program. Having all your data delivered digitally, rather than in PDFs, spreadsheets, or disparate tools that don’t connect with your other tools means efficiency and automation. It also really empowers CISOs to have a shared understanding with their operators. This addresses the common problem where you have managers with a narrow view that’s limited only to the data they have available within their service, and a leader who is trying to put all of this together for a true understanding of what’s happening. Having all your security data well-curated in a single pane of glass means the team can build a common understanding of trends. This means better collaboration and removing silos that slow down progress. People have been trying to reduce silos for years – but no one offered a tangible, simplified way to do it. So we built Argo.

Digital means real-time.

Your CISO can also click into a given metric anytime they want to understand more. This is really important, because service A could lend more context and credibility to an alert from toolset B. Doing that manually is time prohibitive to the point that it has historically limited or slowed progress in the overall security program, and it’s certainly limited tracking of progress.

A digital-first approach only made sense to us in a world where nearly everything else companies do is digital, integrated, and efficient. Why should every other dataset be curated and visualized in a way that makes it not only cohesive but measurable – except your cybersecurity program? Argo changes that because it was built by and for seasoned CISOs.

2. Curate disparate security data.

Data curation means we pick out and show you exactly what a CISO needs to see in order to understand their risk. Picking through unnecessary data is both time consuming and distracting from the main point. Rabbit holes can pull a CISO off course from the staying focused on seeing issues, identifying trends, and making decisions. You can always click into curated data for a deep dive, whereas when you’re jumping between tools, and none of that data takes into account what is happening elsewhere in your environment, it’s less valuable for decision-making.

3. Make it easy to navigate, report, and “zoom in”.

We wanted CISOs to be able to quickly get a snapshot of what’s happening across their entire program, then pull reports they can use to talk to boards and leadership (a big part of demonstrating ROI). But we also wanted them to be able to move between different data displays easily. As a CISO, you need to see it all, then dig into an anomaly without losing sight of the big picture or having to call a team member in, and you need to be able to see how well each of your teams are progressing.

4. Leverage Data Science and AI.

With new processes and capabilities in the field of data science, we committed ourselves to using the best and newest developments to provide valuable insights into cybersecurity program management. With a team of experts in-house, we are not only able to better understand trends across hundreds of environments, but we can also establish machine learning baselines for continued development.

Why Argo? Because Cybersecurity is a team sport!

Anyone who knows me has heard me say, “Cybersecurity is a team sport,” and Argo is how we have interpreted that concept for security practitioners: security executives, product managers, IT and compliance teams, board members – all the stakeholders in your program. In European football or American soccer, you have a goalkeeper, defenders, midfielders, forwards, and each of them have their own skill set, their own capability. In a similar way, you have toolsets and services that you that you employ to support your security program. But these things have to be working in concert with each other, and that’s at the heart of Argo.

You don’t want the forward playing independently of their midfield, or they will never win any games. And that’s the real challenge in cybersecurity. I also talk a lot about how to get ROI out of your security investments, your existing toolsets, and the biggest challenge people face is that they can’t tell how one aspect of your program is impacting everything else without a tremendous amount of digging.

Solving that lack of visibility and siloed efforts is what Argo is designed to do. It brings together all your security information – in real-time, not delayed or snapshot reports, shares that information amongst the various services, team members, toolsets, and capabilities, and gives you a clearer view of your security posture at any given time.

To talk with someone about reducing silos in your cybersecurity program and improving ROI, reach out to us and request a consultation.