Written by Roark Pollock and presented by Chuck Leaver, Ziften CEO
Threat management and security management have long been handled as separate functions, frequently carried out by different groups within a company. The recognition that continuous visibility and control are needed across all assets has increased interest in finding common ground between these disciplines, and the availability of a new generation of tools is enabling this effort. This conversation is timely given the continued difficulty many enterprises have in hiring and retaining qualified security staff to manage and protect IT infrastructure. A convergence of these activities can help make better use of critical personnel, reduce costs, and help automate response.
Historically, risk management has been viewed as an offensive mandate, and is usually the domain of IT operations teams. Sometimes described as “systems management”, IT operations teams actively perform device state and posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively reduce potential risk. Risk-reducing activities carried out by IT operations include:
Offensive Risk Mitigation – Systems Management
Asset discovery, inventory, and refresh
Software discovery, usage tracking, and license rationalization
Mergers and acquisitions (M&A) risk assessments
Cloud workload migration, tracking, and enforcement
Vulnerability assessments and patch installation
Proactive helpdesk or systems analysis and problem response/repair
On the other side of the field, security management is viewed as a defensive game, and is usually the domain of security operations teams. These security operations teams are typically responsible for threat detection, incident response, and remediation. The goal is to respond to a threat or a breach as quickly as possible in order to minimize the impact on the organization. Activities that fall squarely under security management and are carried out by security operations include:
Defensive Security Management – Detection and Response
Threat detection and/or threat hunting
User behavior monitoring / insider threat detection and/or hunting
Malware analysis and sandboxing
Incident response and threat containment/elimination
Lookback forensic investigations and root cause determination
Tracing lateral threat movement, and further threat elimination
Data exfiltration determination
Successful companies, obviously, have to play both offense AND defense equally well. This requirement is driving companies to recognize that IT operations and security operations need to be as aligned as possible. Therefore, as far as possible, it helps if these two groups are playing from the same playbook, or at least working from the same data or single source of truth. This means both groups should aim to use some of the same analytic and data collection tools and approaches when it comes to managing and protecting their endpoint systems. And if companies rely on the same personnel for both jobs, it certainly helps if those people can pivot between both jobs within the same tools, leveraging a single data set.
Each of these offensive and defensive tasks is important to protecting a company’s intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is exactly what frequently keeps CIOs and CISOs up at night. Organizations must recognize opportunities to align and combine teams, technologies, and policies as much as possible to ensure they are focused on the most urgent need along the current risk and security management spectrum.
When it comes to managing endpoint systems, it is clear that organizations are moving toward an “all the time” visibility and control model that permits continuous risk assessment, continuous threat monitoring, and continuous performance management.
Thus, companies should look for these three key capabilities when evaluating new endpoint security investments:
Solutions that provide “all the time” visibility and control for both IT operations groups and security operations groups.
Solutions that provide a single source of truth that can be used both offensively for threat management and defensively for security detection and response.
Architectures that integrate easily into existing systems management and security tool ecosystems to provide even greater value for both IT and security teams.