Written by Roark Pollock and presented by Chuck Leaver, Ziften CEO
Risk management and security management have long been treated as separate functions, typically performed by separate functional groups within an organization. Recognition of the need for continuous visibility and control across all assets has increased interest in finding commonalities between these disciplines, and the availability of a new generation of tools is enabling that effort. The discussion is especially timely given the ongoing difficulty many enterprises have in attracting and retaining qualified security staff to manage and secure IT infrastructure. Converging the two activities can help make better use of these scarce personnel, reduce costs, and help automate response.
Historically, risk management has been viewed as an offensive mandate and is generally the domain of IT operations teams. Often referred to as “systems management”, IT operations groups actively perform device state and posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively mitigate potential risks. Risk-reducing activities performed by IT operations include:
Offensive Risk Mitigation – Systems Management
Asset discovery, inventory, and refresh
Software discovery, usage tracking, and license rationalization
Mergers and acquisitions (M&A) risk assessments
Cloud workload migration, tracking, and enforcement
Vulnerability assessments and patch installation
Proactive help desk or systems analysis, and problem response and repair
On the other side of the field, security management is viewed as a defensive game and is generally the domain of security operations teams. These groups are typically responsible for threat detection, incident response, and remediation. The goal is to respond to a threat or a breach as quickly as possible in order to minimize the impact on the organization. Activities that fall squarely under security management and are performed by security operations include:
Defensive Security Management – Detection and Response
Threat detection and/or threat hunting
User behavior monitoring / insider threat detection and/or hunting
Malware analysis and sandboxing
Incident response and threat containment / removal
Look-back forensic investigations and root cause determination
Tracing lateral threat movement, and further threat removal
Data exfiltration determination
Effective businesses, of course, need to play both offense AND defense equally well. This is driving organizations to recognize that IT operations and security operations need to be as aligned as possible. It therefore helps if the two teams work from the same playbook, or at a minimum from the same data, a single source of truth. This means both teams should strive to use some of the same analytic and data collection tools and methods when managing and securing their endpoint systems. And if an organization relies on the same people for both jobs, it certainly helps if those people can pivot between the two within the same tools, working from a single data set.
Each of these offensive and defensive tasks is critical to protecting an organization’s intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations should look for opportunities to align and consolidate teams, technologies, and policies as much as possible, to ensure they are focused on the most urgent need along the current risk and security management spectrum.
When it comes to managing endpoint systems, it is clear that organizations are moving toward an “all the time” visibility and control model that enables continuous risk assessment, continuous threat monitoring, and continuous performance management.
Organizations should therefore look for three key capabilities when evaluating new endpoint security systems:
Solutions that offer “all the time” visibility and control for both IT operations and security operations teams.
Solutions that provide a single source of truth that can be used both offensively for risk management and defensively for security detection and response.
Architectures that integrate easily into existing systems management and security tool ecosystems, to deliver even greater value for both IT and security teams.