Best Offense And Defense Strategy For Risk And Security – Chuck Leaver

Written By Roark Pollock And Presented By Chuck Leaver Ziften CEO


Risk management and security management have long been treated as distinct functions, typically performed by separate functional groups within an organization. Recognition of the need for continuous visibility and control across all assets has increased interest in finding commonalities between the two disciplines, and the availability of a new generation of tools is enabling that effort. The discussion is especially timely given the ongoing difficulty many enterprises have in attracting and retaining qualified security staff to manage and secure IT infrastructure. Consolidating these activities can make better use of those scarce people, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate and is generally the domain of IT operations teams. Often referred to as “systems management”, this work has IT operations groups actively performing device state and posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively mitigate potential risks. Activities that reduce risk and are performed by IT operations include:

Offensive Risk Mitigation – Systems Management

Asset discovery, inventory, and refresh

Software discovery, usage tracking, and license rationalization

Mergers and acquisitions (M&A) risk assessments

Cloud workload migration, monitoring, and enforcement

Vulnerability assessments and patch installation

Proactive help desk or systems analysis and problem response/repair

On the other side of the field, security management is viewed as a defensive game and is generally the domain of security operations teams. These groups are normally responsible for threat detection, incident response, and remediation. The objective is to respond to a threat or a breach as quickly as possible in order to minimize the impact on the organization. Activities that fall squarely under security management and are performed by security operations include:

Defensive Security Management – Detection and Response

Threat detection and/or threat hunting

User behavior monitoring / insider threat detection and/or hunting

Malware analysis and sandboxing

Incident response and threat containment/removal

Lookback forensic investigations and root cause determination

Tracing lateral threat movement and further threat removal

Data exfiltration determination

Successful businesses, naturally, need to play both offense AND defense equally well. This requirement is driving organizations to recognize that IT operations and security operations need to be as aligned as possible. It therefore helps if these two teams are working from the same playbook, or at a minimum from the same data, a single source of truth. In practice, both teams should strive to use some of the same analytic and data collection tools and methods when managing and securing their endpoint systems. And if a company relies on the same staff for both roles, it certainly helps if those people can pivot between the two roles within the same tools, working from a single data set.

Each of these offensive and defensive tasks is critical to protecting an organization’s intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations should look for opportunities to align and consolidate teams, technologies, and policies as much as possible to ensure they are focused on the most urgent need along the current risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an “all the time” visibility and control model that enables continuous risk assessment, continuous threat monitoring, and continuous performance management.

Thus, organizations should look for these three key capabilities when evaluating new endpoint security systems:

Solutions that provide “all the time” visibility and control for both IT operations teams and security operations teams.

Solutions that provide a single source of truth that can be used both offensively for risk management and defensively for security detection and response.

Architectures that integrate easily into existing systems management and security tool ecosystems to deliver even greater value for both IT and security teams.
