Chuck Leaver – Use SysSecOps To Bring IT And Security Together

Written by Chuck Leaver, Ziften CEO

 

Scott Raynovich nailed it. Having worked with hundreds of organizations, he realized that one of the most significant challenges is that security and operations are two different departments, with drastically different goals, different tools, and different management structures.

Scott and his analyst firm, Futuriom, recently completed a study, “Endpoint Security and SysSecOps: The Growing Trend to Develop a More Secure Business”, in which one of the key findings was that conflicting IT and security goals prevent professionals in both groups from achieving their objectives.

That’s exactly what we believe at Ziften, and the term Scott coined for the convergence of IT and security in this domain, SysSecOps, describes exactly what we’ve been talking about. Security teams and IT teams need to get on the same page. That means sharing the same objectives and, sometimes, sharing the same tools.

Consider the tools that IT people use. They are designed to ensure that the infrastructure and end devices are working properly and, when something goes wrong, to help repair it. On the endpoint side, those tools help ensure that devices allowed onto the network are configured properly, run software that is authorized and properly updated/patched, and have not registered any faults.

Now consider the tools that security people use. They work to enforce security policies on devices, infrastructure, and security appliances (like firewalls). This may include actively monitoring incidents, scanning for abnormal behavior, examining files to ensure they do not contain malware, adopting the latest threat intelligence, matching against newly discovered zero-days, and analyzing log files.

Spotting fires, fighting fires

Those are two different worlds. The security groups are fire spotters: they can see that something bad is happening, can work quickly to isolate the problem, and can determine whether damage occurred (like data exfiltration). The IT groups are the firefighters on the ground: they jump into action when an incident strikes to make sure that the systems are made safe and brought back into operation.

Sounds good, doesn’t it? Sadly, all too often, they do not talk to each other. It’s like having the fire spotters and firefighters using different radios, different jargon, and different city maps. Worse, the groups can’t share the same data directly.

Our approach to SysSecOps is to provide both the IT and security teams with the same resources, and that means the same reports, presented in the appropriate ways to each group of professionals. It’s not a dumbing down, it’s working smarter.

It’s ridiculous to operate in any other way. Take the WannaCry virus, for example. Microsoft provided a patch back in March 2017 that addressed the underlying SMB flaw. IT operations groups didn’t install the patch, because they didn’t think it was a big deal and didn’t talk with security. Security groups didn’t know whether the patch was installed, because they do not talk to operations. SysSecOps would have had everyone on the same page, and could potentially have avoided this issue.

Missing data means waste and risk

The inefficient gap between IT operations and security exposes companies to risk. Preventable risk. Unnecessary risk. It’s simply unacceptable!

If your company’s IT and security teams aren’t on the same page, you are incurring risks and costs that you shouldn’t have to. It’s waste. Organizational waste. It’s wasteful because you have so many tools that offer partial data with gaps, and each of your teams sees only part of the picture.

As Scott concluded in his report, “Coordinated SysSecOps visibility has currently shown its worth in assisting companies evaluate, analyze, and prevent considerable dangers to the IT systems and endpoints. If these goals are pursued, the security and management risks to an IT system can be greatly diminished.”

If your teams are working together in a SysSecOps kind of way, and can see the same data at the same time, you not only have better security and more efficient operations, but also lower risk and lower costs. Our Zenith software can help you achieve that efficiency, not only by working with your existing IT and security tools, but also by filling in the gaps to make sure everyone has the right data at the right time.

~leaverchuck1

