Chuck Leaver – How To Manage Your Security And Risk Offense And Defense

Written by Roark Pollock and presented by Chuck Leaver, Ziften CEO


Risk management and security management have long been treated as separate functions, typically performed by different teams within an organization. Recognition of the need for continuous visibility and control across all assets has increased interest in finding common ground between the two disciplines, and a new generation of tools is making that possible. The discussion is timely given the continued difficulty many enterprises have attracting and retaining qualified security staff to manage and protect IT infrastructure. Consolidating the work can make better use of these scarce people, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and it is typically the domain of IT operations teams. Sometimes described as "systems management", IT operations teams actively perform device state and posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively mitigate potential risks before they are exploited. Risk-reducing activities carried out by IT operations include:

Offensive Risk Mitigation – Systems Management

Asset discovery, inventory, and refresh

Software discovery, usage tracking, and license rationalization

Mergers and acquisitions (M&A) risk assessments

Cloud workload migration, monitoring, and enforcement

Vulnerability assessments and patch installation

Proactive help desk or systems analysis and problem response / repair

On the other side of the field, security management is viewed as a defensive game, and it is normally the domain of security operations teams. These teams are typically responsible for threat detection, incident response, and remediation. The goal is to respond to a threat or a breach as quickly as possible in order to minimize the impact on the organization. Activities that fall squarely under security management and are performed by security operations include:

Defensive Security Management – Detection and Response

Threat detection and/or threat hunting

User behavior monitoring / insider threat detection and/or hunting

Malware analysis and sandboxing

Incident response and threat containment / removal

Look-back forensic investigations and root cause determination

Tracing lateral threat movement and eliminating any further footholds

Data exfiltration identification

Successful organizations, naturally, have to play both offense AND defense equally well. This need is driving organizations to recognize that IT operations and security operations should be as closely aligned as possible. It helps, then, if the two teams play from the same playbook, or at a minimum work from the same data, a single source of truth. In practice this means both teams should use some of the same data collection and analytic tools and methods when managing and protecting their endpoint systems. And where an organization relies on the same people for both jobs, it certainly helps if those people can pivot between the two tasks inside the same tools, working from a single data set: the software inventory the patch team consults should be the same inventory an analyst consults when scoping an incident, and the process telemetry used for detection should be available to operations for troubleshooting.
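As an added illustration of "one data set, two consumers" (this is example code written for this page, not Ziften's product or anything from the original post), the Python sketch below holds a software inventory and process-start telemetry as a single store, then answers an IT operations question (which hosts are below the patch baseline?) and a security operations question (which hosts show a parent/child process pair that should never occur?) from the same records, and finally joins the two views on host so that a host that is both unpatched and alerting is worked first. Every host name, package, version, baseline and process event is constructed for the example, and the parent/child rule set is a hypothetical policy, not a product feature.

```python
"""One endpoint data set, two consumers: IT ops (patch gaps) and SecOps (detection).
Added illustration only; all hosts, versions, baselines and events are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Software:
    """One row of the software inventory collected by the endpoint agent."""
    host: str
    package: str
    version: str


@dataclass(frozen=True)
class ProcEvent:
    """One process-start record from the same agent (pid/ppid as seen by the sensor)."""
    ts: int
    host: str
    user: str
    pid: int
    ppid: int
    parent: str   # image name of the parent as recorded at start time
    image: str
    cmdline: str


# Constructed inventory; hosts and versions are hypothetical.
INVENTORY = [
    Software("ws-101", "curl", "7.88.1"),
    Software("ws-101", "openssh", "9.3"),
    Software("ws-102", "curl", "7.79.1"),
    Software("ws-102", "openssh", "8.2"),
    Software("srv-201", "curl", "7.88.1"),
    Software("srv-201", "openssh", "8.9"),
]

# Constructed patch baseline owned by IT ops (a policy floor, not tied to any specific CVE).
MIN_VERSION = {"curl": "7.88.0", "openssh": "9.0"}

# Constructed process telemetry: a document-spawns-shell chain on ws-101 and a
# remote-service execution (psexesvc.exe) on srv-201. ws-102 is quiet.
EVENTS = [
    ProcEvent(1000, "ws-101", "alice", 4001, 900, "explorer.exe", "winword.exe", "winword.exe invoice.docx"),
    ProcEvent(1003, "ws-101", "alice", 4002, 4001, "winword.exe", "cmd.exe", "cmd.exe /c powershell -enc AAAA"),
    ProcEvent(1004, "ws-101", "alice", 4004, 4002, "cmd.exe", "powershell.exe", "powershell -enc AAAA"),
    ProcEvent(1900, "srv-201", "SYSTEM", 6001, 600, "services.exe", "psexesvc.exe", "psexesvc.exe"),
    ProcEvent(1901, "srv-201", "SYSTEM", 6002, 6001, "psexesvc.exe", "cmd.exe", "cmd.exe /c whoami"),
]

# Hypothetical SecOps rule set: parent/child pairs that should not occur on a managed host.
SUSPICIOUS_PARENT_CHILD = {
    ("winword.exe", "cmd.exe"),
    ("winword.exe", "powershell.exe"),
    ("excel.exe", "powershell.exe"),
    ("psexesvc.exe", "cmd.exe"),
    ("psexesvc.exe", "powershell.exe"),
}


def parse_version(v):
    """Dotted numeric version -> comparable tuple, e.g. '7.88.1' -> (7, 88, 1)."""
    return tuple(int(part) for part in v.split("."))


def find_patch_gaps(inventory, baseline):
    """Offense (IT ops): packages below the baseline, grouped by host."""
    gaps = {}
    for sw in inventory:
        floor = baseline.get(sw.package)
        if floor and parse_version(sw.version) < parse_version(floor):
            gaps.setdefault(sw.host, []).append((sw.package, sw.version, floor))
    return gaps


def detect_suspicious(events, rules=SUSPICIOUS_PARENT_CHILD):
    """Defense (SecOps): process starts whose parent/child pair matches a rule, grouped by host."""
    hits = {}
    for e in events:
        if (e.parent.lower(), e.image.lower()) in rules:
            hits.setdefault(e.host, []).append(e)
    return hits


def process_chain(events, host, pid):
    """Walk the ancestry of (host, pid) through the same telemetry, child first.
    Stops when the parent was never observed (e.g. it started before the agent did)."""
    by_pid = {(e.host, e.pid): e for e in events}
    chain, key = [], (host, pid)
    while key in by_pid:
        e = by_pid[key]
        chain.append(e.image)
        key = (host, e.ppid)
    return chain


def prioritize(inventory, events, baseline=MIN_VERSION):
    """The pivot: join both views on host. Hosts with an active alert AND a patch gap
    come first, then alerts only, then patch gaps only, each group alphabetically."""
    gaps = find_patch_gaps(inventory, baseline)
    hits = detect_suspicious(events)
    hosts = set(gaps) | set(hits)
    return sorted(hosts, key=lambda h: (-(h in gaps and h in hits), -(h in hits), h))
```

With the constructed data, `prioritize` puts srv-201 first (remote-service execution plus an openssh below baseline), then ws-101 (alerting but fully patched), then ws-102 (behind on patches, no alert). The same `EVENTS` list that feeds `detect_suspicious` also feeds `process_chain`, which is the look-back step an analyst takes once the alert fires; nothing has to be exported from one tool and imported into another.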

Each of these offensive and defensive tasks matters to protecting an organization's intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations should look for opportunities to align and consolidate teams, technologies, and policies as far as possible, so that effort stays focused on the most pressing need along the risk and security management spectrum at any given time.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an "all the time" visibility and control model that enables continuous risk assessment, continuous threat monitoring, and continuous performance management.

Hence, organizations should look for these three key capabilities when evaluating new endpoint security investments:

Solutions that provide "all the time" visibility and control for both IT operations and security operations teams.

Solutions that provide a single source of truth that can be used both offensively for risk management and defensively for security detection and response.

Architectures that integrate easily with existing systems management and security tool ecosystems to deliver even greater value for both IT and security teams.