Security threats are becoming a more serious and frequent problem than ever before, costing companies millions of dollars per breach event. The good news is that many of these could be avoided, as hackers frequently take advantage of known vulnerabilities. The bad news is that many organizations are unprepared because IT Operations and Security teams aren’t able to work together effectively to identify, remediate, and track vulnerabilities easily. They are caught on either side of the SecOps Gap. Competing priorities, tools that don’t tie together, and a lack of automation make it really tough for them to meet the demands of the business and stare down the threat of hackers. IT Leaders are starting to recognize the gravity of this problem and are struggling to come up with new solutions to help them.
Solve the Root Cause
Similar to DevOps, SecOps links the Security and Operations teams together to work with shared accountability, processes, and tools to ensure that companies do not have to sacrifice security to maintain a commitment to business agility.
- Shared Accountability
One of the first steps in moving toward a SecOps culture is removing the “us” versus “them” perspective between Security and Operations teams. Leaders need to step in and demonstrate that they are all accountable for making sure the organization and its customers are protected. Gone are the days of dropping off the indecipherable results of the latest vulnerability scan on someone else’s desk and thinking you’re “done.”
Evaluate tools and processes to see if they enable or inhibit collaboration. When I speak with teams grappling with these issues, I see processes buried in time-consuming, repetitive, manual steps with rough handoffs. Tasks that have predictable or required steps and need to be repeated over and over again should be automated. Another issue I see is the inability to sort and prioritize to get the most important security vulnerabilities to the top of the queue. This can be addressed with tools that automate the process of mapping vulnerabilities to infrastructure and prioritizing which to fix first. Without automation, these processes are performed by hand — making them error-prone, time-consuming, and cumbersome.
Tools to Support SecOps
You need the right SecOps solution to transform disconnected initiatives into a single, unified, secure, and comprehensive process which improves collaboration between Security and Operations. Your solution should be able to accelerate vulnerability resolution, reduce the cost of remediation, and enable companies to avoid major security issues.
Specifically, the solution should provide the following key capabilities out of the box:
- Tie “what to fix” with “how to fix it” by linking vulnerabilities to identified fixes.
- Automate the deployment of the fixes based on rules, policies, and priorities set by the business.
- Bring together Security and Operations teams by enabling them to share data on vulnerabilities present before and after remediation.
- Remove tedious and error-prone manual efforts by providing direct integration with change management and reporting.
Take a Comprehensive Approach – Manage by Policy to Identify, Remediate, and Track Vulnerabilities
Some organizations get bogged down and fail to meet objectives because they are too reactive and manage by alert. Instead, when organizations focus on becoming more proactive and manage by policy, they can automatically address security issues to protect their company.
By taking a comprehensive approach that identifies vulnerabilities, organizations can plan ahead and automate tasks. This makes it possible to speed up security and compliance-related activities significantly and help eliminate the disruption of normal business activity. As a result, both audit and remediation become routine, ongoing activities and not emergencies.
The ability to prioritize vulnerability data by importance enables IT Operations to prioritize patching, make better use of resources, and provide the Security team with more granular, actionable visibility into the state of security.
Use Cases: Benefits of Taking a Unified SecOps A
- A major insurance company managed by policy and was able to reduce resolution times for compliance issues from days or even weeks down to just minutes. The company also saved more than 9,000 hours in staff time in the first seven months by defining more than 135 automated responses and handling nearly 95,000 events automatically.
- A leading provider of IT products and services reduced the time for server provisioning from two months to five days.
- A government entity reduced the time for audit report creation from 32 hours to 15 minutes.
To learn more about how to fill the SecOps gap to close security loopholes faster and unite Security and IT Operations, watch this webinar: //www.brighttalk.com/webcast/7591/144035
These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.