Written by Charles Leaver, Ziften CEO
Scott Raynovich nailed it. Having worked with numerous organizations, he understood that one of the greatest difficulties is that security and operations are two different departments, with drastically different goals, different tools, and different management structures.
Scott and his analyst firm, Futuriom, just completed a research study, “Endpoint Security and SysSecOps: The Growing Trend to Build a More Secure Enterprise”, where one of the key findings was that conflicting IT and security objectives keep professionals on both teams from achieving their goals.
That’s precisely what we believe at Ziften, and the term Scott coined to describe the convergence of IT and security in this domain, SysSecOps, describes perfectly what we’ve been talking about. Security teams and IT teams need to get on the same page. That means sharing the same goals and, in some cases, sharing the same tools.
Consider the tools that IT people use. These tools are designed to ensure that the infrastructure and endpoint devices are working properly and, when something fails, to help fix it. On the endpoint side, those tools help make sure that devices allowed onto the network are configured properly, have software that is authorized and properly updated/patched, and haven’t recorded any faults.
Consider the tools that security people use. They work to enforce security policies on devices, infrastructure, and security appliances (like firewalls). This may include actively monitoring incidents, scanning for abnormal behavior, analyzing files to ensure they do not contain malware, adopting the latest threat intelligence, matching against recently discovered zero-days, and performing analysis on log files.
Discovering fires, fighting fires
Those are two different worlds. The security teams are the fire spotters: they can see that something bad is happening, can work quickly to isolate the problem, and can determine whether damage occurred (like data exfiltration). The IT teams are the on-the-ground firefighters: they jump into action when an incident strikes to make sure that the systems are made safe and brought back into operation.
Sounds good, right? Unfortunately, all too often, they don’t talk to each other. It’s like having the fire spotters and firefighters using different radios, different jargon, and different city maps. Worse, the teams can’t share the same data directly.
Our approach to SysSecOps is to provide both the IT and security teams with the same resources, and that means the same reports, presented in the ways appropriate to each group of professionals. It’s not a dumbing down, it’s working smarter.
It’s ridiculous to operate in any other way. Take the WannaCry outbreak, for example. On one hand, Microsoft issued a patch back in March 2017 that fixed the underlying SMB flaw. IT operations teams didn’t install the patch, because they didn’t think this was a big deal and didn’t talk to security. Security teams didn’t know whether the patch was installed, because they don’t talk to operations. SysSecOps would have had everyone on the same page, and could potentially have prevented this issue.
Missing data means waste and danger
The inefficient gap between IT operations and security exposes companies to risk. Preventable risk. Unnecessary risk. It’s simply unacceptable!
If your company’s IT and security teams aren’t on the same page, you are incurring risks and costs that you shouldn’t have to. It’s waste. Organizational waste. It’s wasteful because you have a lot of tools that provide partial data with gaps, and each of your teams sees only part of the picture.
As Scott concluded in his report, “Collaborated SysSecOps visibility has actually currently shown its worth in helping organizations evaluate, analyze, and avoid significant dangers to the IT systems and endpoints. If these objectives are pursued, the security and management threats to an IT system can be considerably decreased.”
If your teams are working together in a SysSecOps kind of way, if they can see the same data at the same time, you not only have better security and more efficient operations, but also lower risk and lower costs. Our Zenith software can help you achieve that efficiency, not only working with your existing IT and security tools, but also filling in the gaps to make sure everyone has the right data at the right time.