Another day, another headline about a security breach. Organizations both public and private are under attack by an enemy who is well-resourced, highly motivated, and hidden from view. In today’s digital world, where everything has to be accessible, how can organizations mitigate the risks that hackers, vulnerabilities, unidentified systems and misconfigurations present? The answer is that it’s complicated, and it requires collaboration between two teams that don’t know a lot about each other and often don’t have the time or interest to learn more.
First, there is the security team, which is actively trying to defend against hackers, enforce security and compliance policies, and continuously scan the environment to identify vulnerabilities. But they can only scan the systems they know about, and they are not always informed when new systems are deployed, which creates potential blind spots in their reviews. When they identify issues, they send the information to the operations team as a high-priority item. But the reports they send over don’t have any operational context. No priorities. No information about the actual systems where the threat has been identified. Just a red alert and a demand to fix it ASAP.
Meanwhile, the operations team is focused on performance, uptime and stability so that the business runs smoothly. They are also the unenthusiastic recipients of the aforementioned reports from security. Their lack of enthusiasm is not because they do not care about security (of course they do), but because the manual effort required to make sense of the reports can be overwhelming for a team that is most likely already feeling under-resourced. Identifying the impacted systems, and balancing the risk the threat represents against the performance and uptime requirements the business demands, is challenging. On top of that, operations has to test the fix and fit it into the next available maintenance window. None of this is easy, and that’s why it takes, on average, more than 190 days to fix these issues.
The lack of integration and coordination between security and operations is leaving the door wide open for attacks and compliance violations. For over a year we have been talking to our customers about SecOps, which reduces the attack surface and leverages automation to ease the burden of manual processes. It also creates visibility and traceability so everyone is on the same page regarding the specific steps in the security operations workflow. Customers have often told us that infrastructure and visibility without context are two of the biggest issues preventing them from scaling and accelerating their ability to address risks. These pain points led us to develop strategic capabilities that enable customers to eliminate blind spots and automate the process that security and operations teams follow to find and fix issues.
I am excited to announce today’s launch of BladeLogic Threat Director 2.2, which is another important milestone in our SecOps strategy. We are building on the momentum from our initial BladeLogic Threat Director release by expanding it with critical capabilities to remove blind spots and improve the ability to prioritize and remediate vulnerabilities.
Some highlights from BladeLogic Threat Director 2.2 include:
Blind Spot Awareness
Through integration with BMC Discovery, operations teams will be able to identify rogue systems as well as unscanned and unmanaged assets in their environments. This allows them to set up a plan to automatically bring those assets under management and into compliance with policies, or to remove them from the environment altogether.
Integration with BMC Discovery will also let operations teams identify the applications, services and dependencies that exist in the environment, so they will know which business services they are impacting BEFORE they make a change.
Extension to Networking
BladeLogic Threat Director is now integrated with BladeLogic Network Automation, which enables customers to automatically prioritize and remediate vulnerabilities for networking devices.
BladeLogic Threat Director remains the only automation solution that natively integrates vulnerability data and operationally enriches it, which accelerates the operations team’s ability to figure out what to do with those multi-thousand-line reports for both servers and networks. It builds the bridge that lets actionable information flow quickly between security and operations, allowing organizations to set up a strong defense against hackers. Attackers will still fight to get in, but this way you’ve made it as hard as you possibly can, and you may also have limited their ability to move around once they do get in.
These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.