How to implement modern investigations and case management software

Aug. 22, 2022
Robust, unified platforms can help security teams see around corners and anticipate threats

Many industries today are embracing software to help them modernize their operations and eliminate manual, outdated processes. The security industry has begun to embrace technology, but the solutions created for security teams are often inflexible and outdated, making it difficult for them to adapt to change.

Collecting and connecting threat data, while also managing incidents, investigations, research and cases, has been integral to a security team’s operation for decades. Historically, the solutions created to alleviate manual work in these areas have not been architected in an open, flexible, modern way that lets them adapt to changing times, nor do they exist all in one place. The need for modern, adaptable case management technology has therefore never been greater than it is now.

Point Solutions vs. End-to-End

Point solutions address a single challenge of a team or a business - they do one thing really, really well. There are countless examples out there, and they serve an important purpose. It’s vital to recognize the value of point solutions, how to use them effectively, and how they can benefit your business. For security teams, processes are often so complex that their needs outgrow a single point solution. The next step is often layering various point solutions to create what seems like a holistic solution. How do you determine whether your needs warrant implementing a point solution, multiple point solutions or an end-to-end platform? Here are some considerations:

  • Cost: Point solutions often have a lower up-front or one-time cost, while platforms may cost more at first but offer more predictable pricing - it’s helpful to think of a platform’s cost as a longer-term investment, for both your team and your business. Oftentimes, it ends up being cheaper overall to implement a platform instead of multiple point solutions.
  • Time and personnel: Managing multiple point solutions can consume a significant amount of time because your data is stored in multiple systems with different capabilities and structures. Pulling a report, for example, could take much longer as you are pulling different pieces of information from different systems. Take this productivity factor into consideration. 
  • Unified intelligence and missed threats: With data in multiple systems, the biggest danger of a tech stack of point solutions for security teams is missed threats. According to a 2022 survey of physical security, legal and compliance executives, 84% agreed that the lack of unified intelligence at their organization resulted in missed threats. 

Many teams are at an inflection point - they have one point solution that isn’t keeping pace with their needs, or they have too many point solutions that interfere with collaboration and ultimately their ability to do their jobs successfully. If your team’s goals involve connecting intelligence and owning your own workflows and processes, it may be time to move beyond a point solution.

A New Way to Think About Software

We’ve heard it before - digital transformation is here. Software is all but necessary to help us all do our jobs better. But what does this mean for how your team should approach the software you implement, whether that be a point solution or an end-to-end platform?

I like to think of it in terms of concentric circles. Concentric circles build upon each other, but all have a common midpoint. Software should be unified at its core - each solution is built with a core purpose in mind. However, if that’s where it ends, you’re left with just a few circles and a solution that is inflexible and unadaptable.

The security industry has traditionally been presented with rigid solutions akin to empty containers and workflows. These solutions have their purpose, but when a new use case or business need emerges, it can be difficult for a solution like this to serve these changing needs. Think of these traditional solutions as the center of the concentric circle, and maybe a few circles on top of that - the core but not anything more.

Flexible solutions have the ability to build upon themselves to allow for adaptability and to support the changing needs of the team and business. Take case management, for example. Many security teams use case management software to help them research, document, report and track cases. Case management solutions are built as empty vessels - security teams are responsible for putting in the history and loading the cases.

But what if you need to swap out or modify a layout, or even add a field within your case management solution? Your team should be able to make these modifications yourselves - adding further concentric circles. Perhaps a new use case emerges and you need to customize a view, build a new module or conduct an investigation with data from a third-party source. Again, you’re adding circles to meet an evolving need. Soon, you have a solution that is customized specifically for you and your team’s needs. The concentric circles keep building, yet the core purpose of the solution (managing cases) is still there.

Future-Proof Your Business

In the security industry, robust, unified platforms can help security teams see around corners and anticipate threats, thereby protecting their employees, assets and business. If your team is currently rethinking your strategy and approach to your tech stack, consider this question: will my solution (or stack) still be able to serve my team’s evolving needs in the next five years? 

If the answer is yes, congratulations: your solution has the ability to adapt to the times. Your concentric circle model will continue to grow and build upon itself, and by thinking about software in this way, you’re helping to future-proof your business. Case management software that is integrated with an end-to-end platform is a notable example of this. If the answer is no, think about why that is and consider a solution where adding capabilities - rings to your concentric circle - isn’t difficult or cumbersome; rather, your team is enabled to do this yourselves. Don’t let your incidents go unmanaged because your software can’t keep up with the evolving threat landscape and changing times.

About the author: Manish Mehta serves as the Chief Product Officer at Ontic where he is responsible for the company’s product strategy and market execution of best-in-class software used by Fortune 500 and developing enterprises. Mehta has driven disruptive innovations in the software industry for over 30 years from the earliest days of B2C eCommerce at scale, the adoption of social media across all major departments within a large enterprise, to the development of big data platforms and infrastructure to support digital marketing across global industries.