Written by Chuck Leaver, Ziften CEO
Scott Raynovich nailed it. Having dealt with numerous organizations, he realized that one of the greatest difficulties is that security and operations are two distinct departments – with drastically different objectives, different tools, and different management structures.
Scott and his analyst firm, Futuriom, recently finished a research study, “Endpoint Security and SysSecOps: The Growing Pattern to Develop a More Secure Enterprise”, where one of the key findings was that conflicting IT and security goals hamper specialists – on both teams – from achieving their objectives.
That’s precisely what we believe at Ziften, and the term that Scott coined to describe the merging of IT and security in this domain – SysSecOps – captures exactly what we’ve been talking about. Security teams and IT teams must get on the same page. That means sharing the same objectives and, in many cases, sharing the very same tools.
Think about the tools that IT people use. The tools are designed to ensure that the infrastructure and end devices are working correctly and, when something goes wrong, to help them fix it. On the endpoint side, those tools help make sure that devices permitted onto the network are configured properly, have software applications that are authorized and properly updated and patched, and have not registered any faults.
Think about the tools that security folks use. They work to enforce security policies on devices, infrastructure, and security apparatus (like firewalls). This might include actively tracking incidents, scanning for irregular behavior, examining files to ensure they don’t contain malware, adopting the latest threat intelligence, matching against newly found zero-days, and performing analysis on log files.
Finding fires, fighting fires
Those are two different worlds. The security teams are fire spotters: They can see that something bad is occurring, can work rapidly to isolate the issue, and determine whether damage happened (like data exfiltration). The IT teams are on-the-ground firefighters: They jump into action when an incident strikes to ensure that the systems are made safe and restored to operation.
Sounds excellent, doesn’t it? Regrettably, all too often, they don’t speak to each other – it’s like having the fire spotters and firefighters using different radios, different lingo, and different city maps. Worse, the teams can’t share the same data directly.
Our approach to SysSecOps is to provide both the IT and security teams with the same resources – which means the same reports, presented in the appropriate ways to experts. It’s not a dumbing down, it’s working smarter.
It’s ridiculous to work in any other way. Take the WannaCry infection, for example. Microsoft released a patch back in March 2017 that dealt with the underlying SMB flaw. IT operations teams didn’t install the patch, because they didn’t think it was a big deal and didn’t speak with security. Security teams didn’t know whether the patch was installed, because they don’t talk with operations. SysSecOps would have had everyone on the same page – and could potentially have avoided this issue.
Missing data means waste and risk
The inefficient gap between IT operations and security exposes organizations to threats. Preventable threats. Unnecessary threats. It’s simply undesirable!
If your organization’s IT and security teams aren’t on the same page, you are incurring risks and expenses that you shouldn’t need to. It’s waste. Organizational waste. It’s wasteful because you have a lot of tools that supply partial data with gaps, and each of your teams sees only part of the picture.
As Scott concluded in his report, “Collaborated SysSecOps visibility has actually currently proven its worth in assisting organizations assess, analyze, and prevent substantial dangers to the IT systems and endpoints. If these goals are pursued, the security and management threats to an IT system can be significantly lessened.”
If your teams are working together in a SysSecOps kind of way, if they can see the same data at the same time, you not only have better security and more effective operations – but also lower risk and lower costs. Our Zenith software can help you achieve that effectiveness, not only working with your existing IT and security tools, but also filling in the gaps to make sure everyone has the right data at the right time.