Written by Charles Leaver, Ziften CEO
Scott Raynovich nailed it. Having worked with numerous companies, he recognized that one of the most significant obstacles is that security and operations are two different departments, with drastically different goals, different tools, and different management structures.
Scott and his expert firm, Futuriom, recently completed a study, “Endpoint Security and SysSecOps: The Growing Trend to Develop a More Secure Enterprise”, where one of the essential findings was that clashing IT and security goals hamper professionals on both teams in attaining their goals.
That’s exactly what we believe at Ziften, and the term that Scott coined to describe the convergence of IT and security in this domain, SysSecOps, captures exactly what we’ve been discussing. Security teams and IT teams need to get on the same page. That means sharing the same goals and, sometimes, sharing the same tools.
Think about the tools that IT people use. Those tools are designed to make sure the infrastructure and endpoint devices are working properly and, when something fails, to help repair it. On the endpoint side, those tools make sure that devices allowed onto the network are configured correctly, run software that is authorized and properly updated and patched, and haven’t recorded any faults.
Consider the tools that security people use. They work to enforce security policies on devices, infrastructure, and security appliances (like firewalls). This might involve actively monitoring events, scanning for abnormal behavior, analyzing files to ensure they don’t contain malware, adopting the latest threat intelligence, matching against recently discovered zero-days, and analyzing log files.
Finding fires, battling fires
Those are two different worlds. The security teams are fire spotters: they can see that something bad is taking place, can work quickly to isolate the problem, and can determine whether harm occurred (like data exfiltration). The IT teams are on-the-ground firefighters: they jump into action when an incident occurs to ensure that the systems are made safe and restored to operation.
Sounds excellent, doesn’t it? Sadly, all too often, they don’t talk to each other. It’s like having the fire spotters and firefighters using different radios, different lingo, and different city maps. Worse, the teams cannot share the same data directly.
Our approach to SysSecOps is to provide both the IT and security teams with the same resources, which means the same reports, presented in the appropriate ways to professionals. It’s not a dumbing down; it’s working smarter.
It’s ridiculous to operate in any other way. Take the WannaCry infection, for example. Microsoft released a patch back in March 2017 that dealt with the underlying SMB flaw. IT operations teams didn’t install the patch, because they didn’t believe this was a big deal and didn’t talk with security. Security teams didn’t know whether the patch was installed, because they don’t speak to operations. SysSecOps would have had everybody on the same page, and could potentially have avoided this issue.
Missing data means waste and risk
The dysfunctional gap between IT operations and security exposes companies to threats. Preventable risk. Unnecessary threats. It’s simply unacceptable!
If your organization’s IT and security teams aren’t on the same page, you are incurring risks and costs that you shouldn’t have to. It’s waste. Organizational waste. It’s wasteful because you have numerous tools providing partial data with gaps, and each of your teams sees only part of the picture.
As Scott concluded in his report, “Collaborated SysSecOps visibility has actually currently proven its worth in helping companies assess, analyze, and prevent substantial threats to the IT systems and endpoints. If these goals are pursued, the security and management threats to an IT system can be greatly decreased.”
If your teams are collaborating in a SysSecOps kind of way, if they can see the same data at the same time, you not only have better security and more effective operations, but also lower risk and lower costs. Our Zenith software can help you achieve that effectiveness, not only working with your existing IT and security tools, but also filling in the gaps to make sure everybody has the right data at the right time.