Last week was a long week – but a very rewarding one! I was on the road for the whole week, first in Orlando for BMC Engage, and then in Las Vegas for the Qualys Security Conference. I was speaking at both events about the importance of closing the SecOps gap: the break between audit and remediation, which is the cause of so many security breaches and compliance failures.
At Engage the audience was made up mainly of BladeLogic users or people already interested in using BladeLogic – in other words, people from the Ops side of the gap: system administrators and related roles. At QSC, on the other hand, the audience consisted of security practitioners, analysts and auditors. It was interesting to see how enthusiastic both audiences were about the possibility of closing the gap, of working more closely with their colleagues in the other role.
We have been working with some joint customers of BMC and Qualys to make that happen, and we have built a new portal to do it. This portal shows combined information from both BMC BladeLogic and Qualys, helping users get a better understanding of their environment. Administrators can quickly identify unmanaged servers, for instance, which might have been provisioned without full visibility or control from IT. The next logical step is to enrol them under management by deploying the BladeLogic agent.
Once information from both Qualys and BladeLogic is available, the portal really comes into its own, presenting a combined, holistic view of the security and compliance state, including both confirmed and potential vulnerabilities. These vulnerabilities can then be filtered and sorted, both according to the severity of the issue identified, and by business risk and impact of the affected systems.
All of this is still on the Security side of the SecOps gap. Where the gap starts to close is with the remediation capabilities that BladeLogic brings. The portal will verify that remediation actions are available for each reported vulnerability and allow the user to execute them immediately or schedule them for future execution. Many issues can be corrected simply. In fact, most vulnerabilities simply require a patch to be installed, and the patches are generally available either on the day the vulnerability is disclosed, or very soon after.
Naturally other factors may mean that it is not immediately possible to remediate all vulnerabilities, so the portal also has the ability to create a change request automatically to govern the remediation process. Routine, recurring issues may receive automatic approval, with the system ensuring that a full audit trail is created and updated. More sensitive issues may require a more in-depth analysis before approval can be granted. There may be situations where an exception to standard policy is the correct response, but again, it is very important to track and document these exceptions to avoid future problems.
In all of these cases, the remediation action is fully automated with BladeLogic, which also means that it benefits from automatic rollback, network bandwidth management, multi-platform support, and full logging and visibility.
This is how we close the SecOps gap, and with it, the window of vulnerability to security breaches or audit failures: by accelerating the remediation of identified security vulnerabilities or compliance violations.
To find out more about this topic, I would like to invite you to a webinar on the 28th, where I will be discussing this topic together with Forrester analyst Renee Murphy. Sign up here for the live webinar, but if you are unable to attend, the session will be recorded for later replay. You can also read more at bmc.com/compliance.