Written by Chuck Leaver, Ziften CEO
Scott Raynovich nailed it. Having worked with numerous organizations, he observed that one of the biggest difficulties is that security and operations are two different departments, with significantly different objectives, different tools, and different management structures.
Scott and his analyst firm, Futuriom, recently completed a study, “Endpoint Security and SysSecOps: The Growing Trend to Build a More Secure Business”, in which one of the key findings was that conflicting IT and security goals prevent practitioners on both teams from achieving their objectives.
That is exactly what we believe at Ziften, and the term Scott coined for the convergence of IT and security in this domain, SysSecOps, describes precisely what we have been talking about. Security teams and IT teams need to get on the same page. That means sharing the same objectives and, in many cases, sharing the same tools.
Think about the tools that IT people use. Those tools are built to make sure the infrastructure and end devices are working properly and, when something fails, to help them fix it. On the endpoint side, those tools help ensure that devices allowed onto the network are configured appropriately, run software that is licensed and properly patched and updated, and have not reported any faults.
Consider the tools that security people use. They work to enforce security policies on devices, infrastructure, and security appliances (such as firewalls). This may include actively monitoring events, scanning for abnormal behavior, examining files to make sure they do not contain malware, incorporating the latest threat intelligence, matching against newly discovered zero-days, and analyzing log files.
Finding fires, fighting fires
Those are two different worlds. The security teams are fire spotters: they can see that something bad is happening, can work quickly to isolate the issue, and can determine whether damage occurred (such as data exfiltration). The IT teams are on-the-ground firefighters: they leap into action when an incident occurs to ensure that the systems are made safe and restored to operation.
Sounds great, right? Unfortunately, all too often they do not talk to each other; it is like having the fire spotters and the firefighters using different radios, different jargon, and different city maps. Worse, the two groups cannot share the same data directly.
Our approach to SysSecOps is to give both the IT and security teams the same resources, which means the same reports, presented in the way that suits each set of practitioners. It is not a dumbing down; it is working smarter.
It is ridiculous to work any other way. Take the WannaCry outbreak, for example. Microsoft released a patch back in March 2017 that resolved the underlying SMB flaw. IT operations teams did not install the patch, because they did not think it was a big deal and did not talk with security. Security teams did not know whether the patch was installed, because they do not talk with operations. SysSecOps would have had everybody on the same page, and might well have prevented the problem.
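The patch gap described above is, at bottom, a data-reconciliation problem: IT's inventory says which hosts have the patch, security's scanner says which hosts look exposed, and nobody joins the two. The following is an added example, not Ziften code or anything from the Futuriom report; it uses constructed sample data and a hypothetical patch identifier standing in for the March 2017 SMB fix (MS17-010), and produces the single shared view both teams would act on, including the cases where the two sources disagree.

```python
"""Reconcile IT's patch inventory with security's scan findings into one shared view."""

# Hypothetical identifier for the March 2017 SMB patch (real-world: MS17-010).
SMB_PATCH = "KB-SMB-MAR2017-PLACEHOLDER"

# Constructed sample data (not from the post). IT operations' view: host -> installed patches.
it_inventory = {
    "ws-001": {SMB_PATCH, "KB-OTHER"},
    "ws-002": {"KB-OTHER"},
    "srv-010": {SMB_PATCH},
    "ws-003": set(),
}

# Constructed sample data. Security's view: host -> findings from a vulnerability scan.
sec_findings = {
    "ws-001": ["smb-v1-enabled"],
    "ws-002": ["smb-v1-enabled", "missing-smb-patch"],
    "srv-010": ["missing-smb-patch"],   # scanner disagrees with IT's inventory
    "ws-004": ["missing-smb-patch"],    # security sees this host, IT does not
}


def reconcile(inventory, findings, patch=SMB_PATCH):
    """Join both views by hostname and classify each host for joint action.

    Returns a sorted list of (host, status) tuples. Statuses:
      OK             - inventoried, patch installed, scanner agrees
      MISSING_PATCH  - inventoried, patch not installed (IT action item)
      DISAGREE       - IT says patched, scanner says missing (verify before closing)
      UNMANAGED      - scanner sees a host that IT does not manage at all
    """
    hosts = sorted(set(inventory) | set(findings))
    rows = []
    for host in hosts:
        known_to_it = host in inventory
        patched = patch in inventory.get(host, set())
        scanner_flagged = "missing-smb-patch" in findings.get(host, [])
        if not known_to_it:
            status = "UNMANAGED"
        elif not patched:
            status = "MISSING_PATCH"
        elif scanner_flagged:
            status = "DISAGREE"
        else:
            status = "OK"
        rows.append((host, status))
    return rows


def action_items(rows):
    """Hosts that need someone's attention, i.e. everything that is not OK."""
    return [(host, status) for host, status in rows if status != "OK"]


if __name__ == "__main__":
    for host, status in reconcile(it_inventory, sec_findings):
        print(f"{host:<8} {status}")
```

Neither team's source alone produces the UNMANAGED or DISAGREE rows; they only appear once both datasets sit in the same report.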
Missing data means waste and risk
The gap between IT operations and security exposes organizations to risk. Avoidable risk. Unnecessary risk. It is simply unacceptable.
If your company's IT and security teams are not on the same page, you are incurring risks and costs that you should not have to. It is waste. Organizational waste. It is wasteful because you have so many tools, each providing partial data with gaps in it, and each of your teams sees only part of the picture.
As Scott concluded in his report, “Coordinated SysSecOps visibility has actually currently shown its worth in helping companies evaluate, analyze, and prevent significant threats to the IT systems and endpoints. If these objectives are pursued, the security and management dangers to an IT system can be greatly decreased.”
If your teams collaborate in a SysSecOps way, seeing the same data at the same time, you get not only better security and more effective operations but also lower risk and lower costs. Our Zenith software can help you get there, working with your existing IT and security tools and filling in the gaps to make sure everybody has the right data at the right time.