Charles Leaver – Security And IT Teams Work Together Using SysSecOps

Written by Charles Leaver, Ziften CEO

 

Scott Raynovich nailed it. Having worked with hundreds of organizations, he understood that one of the most significant difficulties is that security and operations are two different departments – with significantly different objectives, different tools, and different management structures.

Scott and his analyst firm, Futuriom, recently completed a study, “Endpoint Security and SysSecOps: The Growing Pattern to Build a More Secure Business”, where one of the key findings was that conflicting IT and security goals hamper experts on both teams in achieving their goals.

That’s precisely what we believe at Ziften, and the term that Scott coined for the merging of IT and security in this domain – SysSecOps – describes perfectly what we have been talking about. Security teams and IT teams should be on the same page. That means sharing the same goals and, in some cases, sharing the same tools.

Think of the tools that IT people use. The tools are designed to make sure the infrastructure and end devices are working properly and, when something goes wrong, to help them fix it. On the endpoint side, those tools help ensure that devices allowed onto the network are configured properly, have software that’s licensed and properly patched/updated, and haven’t registered any faults.

Think of the tools that security people use. They work to enforce security policies on devices, infrastructure, and security devices (like firewalls). This may involve actively monitoring events, scanning for abnormal behavior, examining files to ensure they do not contain malware, adopting the latest threat intelligence, matching against recently discovered zero-days, and performing analysis on log files.

Spotting fires, fighting fires

Those are two different worlds. The security teams are fire spotters: They can see that something bad is happening, can work quickly to isolate the problem, and determine whether damage occurred (like data exfiltration). The IT teams are the on-the-ground firefighters: They leap into action when an incident occurs to ensure that the systems are made safe and restored to operation.

Sounds good, right? Unfortunately, all too often, they don’t talk to each other – it’s like having the fire spotters and firefighters using different radios, different jargon, and different city maps. Worse, the teams can’t share the same data directly.

Our approach to SysSecOps is to provide both the IT and security teams with the same resources – and that means the same reports, presented in the appropriate ways to experts. It’s not a dumbing down, it’s working smarter.

It’s ridiculous to operate any other way. Take the WannaCry virus, for example. Microsoft issued a patch back in March 2017 that addressed the underlying SMB flaw. IT operations teams didn’t install the patch, because they didn’t think this was a big deal and didn’t talk to security. Security teams didn’t know whether the patch was installed, because they don’t talk with operations. SysSecOps would have had everybody on the same page – and could have potentially avoided this problem.

Missing data means waste and risk

The dysfunctional gap between IT operations and security exposes companies to risk. Avoidable risk. Unnecessary risk. It’s simply unacceptable!

If your organization’s IT and security teams aren’t on the same page, you are incurring risks and costs that you shouldn’t have to. It’s waste. Organizational waste. It’s wasteful because you have so many tools supplying partial data with gaps in it, and each of your teams sees only part of the picture.

As Scott concluded in his report, “Collaborated SysSecOps visibility has already proven its worth in assisting companies evaluate, analyze, and prevent significant dangers to the IT systems and endpoints. If these objectives are pursued, the security and management risks to an IT system can be considerably diminished.”

If your teams are working together in a SysSecOps kind of way, if they can see the same data at the same time, you not only have better security and more efficient operations – but also lower risk and lower costs. Our Zenith software can help you achieve that efficiency, not only working with your existing IT and security tools, but also filling in the gaps to make sure everyone has the right data at the right time.