Two Data points is a trend. Three Data points is a story

1/16/19 3:50 PM  |  by Kevin O'Toole

Data is the building block of everything we see and do in the Digital Age. But our reliance on data goes beyond that. As a Managed Security Services provider, our mission is to ensure that all data is handled securely. Securing client data and providing peace of mind isn’t possible without analyzing data we have gathered about our clients. Much of this is used in reporting service health to our clients, but the majority is used to improve services and processes.


The first hurdle in gathering data is knowing who it is intended for: engineers are most interested in technical data, managers typically like to see overall health and performance, and executives like to know their investment is meeting their needs. All of these interests are important and all of them often come from the same data with different interpretations. After all, data only becomes information when it is analyzed, organized, and presented. Once we know the audience, we need to find the best source of that data.


MSS data can come from many sources. If we are managing a platform that provides health and performance metrics, we can get it directly from there. We do this with many of our SIEM platforms to report metrics such as alarm volume and utilization. We can pull data from alarms we receive in Watchtower and analyze what we do with that alarm after receiving it. Even something as simple as tracking ticket metrics to help improve basic performance relies on a robust data reporting system. Internal performance is constantly monitored to ensure that tickets are handled in a thorough and timely manner.

Information Creation

The real magic happens when that data becomes information. We are constantly tracking and interpreting our data to monitor trends from volume of work to level of effort, all geared towards improving the customer experience. Data on system volume and health is tracked and reviewed from month to month to determine each client’s baseline levels; any months well over or under that average can be investigated for potential issues in service or process. Watchtower data, although a relatively new source, is producing great results in our efforts to improve service: more robust SLA tracking, down to the second alert reporting, and improved Agent performance monitoring are all things we are beginning to leverage in Watchtower.

Monthly Metrics

Every month I capture and analyze a growing list of key pieces of data that help drive team and service improvement. I find that volume metrics are useful for tracking client health trends and reviewing deviations from the norm not only throughout the year, but from year to year as well. Knowing how your systems are performing compared to historical data is essential to reviewing where you’ve been and looking ahead to where you are going. Tracking that volume allows us to improve our ability to adjust our pricing and adjust staffing based on what we’ve seen in the past and what we expect moving forward. Tracking data allows me to compare similarly sized clients, different industries, and even clients with similar custom processes, to improve service for current clients and future ones.

I like to say that if you give me two data points, I can show you a trend, and if you give me three, I can tell you a story. Ultimately that’s what data does: it tells us a story based on how we interpret it. Data can be sliced in countless different ways, and I am constantly on the lookout for the best way to slice it to answer the question at hand.

Subscribe to Our Blog

Follow everything RedLegg as we provide comprehensive solutions for real-world data protection and security challenges.

Related Articles

Boiled Down: MDR vs SIEM vs MSSP siem, mss, incident response

Boiled Down: MDR vs SIEM vs MSSP

When thinking about Managed Detection and Response, SIEM, and Managed Security Service Providers, which will help you ...
New eBook: Choose Your Best SIEM Service Provider siem, mss

New eBook: Choose Your Best SIEM Service Provider

Many organizations, maybe even yours included, have major flaws in their security operations. To help solve your ...