Chuck Leaver – The Best Way To Manage Security And Risk

Written By Roark Pollock And Presented By Chuck Leaver Ziften CEO


Risk management and security management have long been treated as separate functions, often performed by different functional teams within an organization. The recognition that continuous visibility and control across all assets is needed has increased interest in finding commonalities between these disciplines, and the availability of a new generation of tools is enabling this effort. The discussion is especially timely given the continued difficulty most enterprises experience in attracting and retaining qualified security personnel to manage and protect IT infrastructure. Combining the two activities can help to better leverage these critical personnel, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and is normally the domain of IT operations teams. Sometimes described as “systems management”, IT operations teams actively perform device state posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively mitigate potential threats. Activities that contribute to risk reduction and that are carried out by IT operations include:

Offensive Risk Mitigation – Systems Management

Asset discovery, inventory, and refresh

Software discovery, usage tracking, and license justification

Mergers and acquisition (M&A) risk assessments

Cloud workload migration, monitoring, and enforcement

Vulnerability assessments and patch installs

Proactive help desk or systems analysis and issue response / repair

On the other side of the field, security management is viewed as a defensive strategy, and is typically the domain of security operations teams. These teams are typically responsible for threat detection, incident response, and remediation. The objective is to react to a threat or a breach as quickly as possible in order to minimize the impact on the organization. Activities that fall directly under security management and are carried out by security operations include:

Defensive Security Management – Detection and Response

Threat detection and/or threat hunting

User behavior monitoring / insider threat detection and/or hunting

Malware analysis and sandboxing

Incident response and threat containment / removal

Lookback forensic investigations and root cause determination

Tracing lateral threat movement, and further threat elimination

Data exfiltration determination

Successful organizations, of course, have to play both offense AND defense equally well. This need is driving organizations to recognize that IT operations and security operations have to be as aligned as possible. Therefore, it helps if these two teams are, as much as possible, working from the same playbook, or at least working with the same data or single source of truth. This means both teams should aim to use some of the same analytic and data collection tools and approaches when managing and protecting their endpoint systems. And if organizations rely on the same personnel for both jobs, it certainly helps if those people can pivot between both tasks within the same tools, leveraging a single data set.

Each of these offensive and defensive tasks is critical to protecting an organization’s intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations should recognize opportunities to align and combine teams, technologies, and policies as much as possible to ensure they are focused on the most urgent need along the current risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an “always-on” visibility and control model that permits continuous risk assessments, continuous threat monitoring, and even continuous performance management.

Therefore, organizations should look for these three key capabilities when evaluating new endpoint security investments:

Solutions that provide “always-on” visibility and control for both IT operations teams and security operations teams.

Solutions that provide a single source of truth that can be used both offensively for risk management, and defensively for security detection and response.

Architectures that easily integrate into existing systems management and security tool environments to deliver even greater value for both IT and security teams.
