Offense And Defense For Managing Security And Risk – Charles Leaver

Written By Roark Pollock And Presented By Charles Leaver Ziften CEO


Risk management and security management have long been handled as separate functions, typically performed by different teams within an organization. The recognition that continuous visibility and control are needed across all assets has increased interest in finding the commonalities between these disciplines, and the arrival of a new generation of tools is making that effort practical. The discussion is timely given the continued difficulty most organizations have in attracting and retaining qualified security personnel to manage and protect IT infrastructure. Unifying the two activities can help make better use of these scarce personnel, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and is generally the domain of IT operations teams. Often referred to as “systems management”, IT operations teams actively perform device state and posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively mitigate potential risks. Risk-reducing activities performed by IT operations include:

Offensive Risk Mitigation – Systems Management

Asset discovery, inventory, and refresh

Software discovery, usage tracking, and license justification

Mergers and acquisitions (M&A) risk assessments

Cloud workload migration, monitoring, and enforcement

Vulnerability assessments and patch installation

Proactive help desk or systems analysis and issue response / repair

On the other side of the field, security management is viewed as a defensive strategy, and is generally the domain of security operations teams. These security operations teams are usually responsible for threat detection, incident response, and resolution. The objective is to respond to a threat or a breach as quickly as possible in order to minimize the impact on the organization. Activities that fall squarely under security management and that are carried out by security operations include:

Defensive Security Management – Detection and Response

Threat detection and/or threat hunting

User behavior monitoring / insider threat detection and/or hunting

Malware analysis and sandboxing

Incident response and threat containment / removal

Look-back forensic investigations and root cause determination

Tracing lateral threat movement, and further threat elimination

Data exfiltration identification

Successful organizations, of course, need to play both offense AND defense equally well. This need is driving organizations to recognize that IT operations and security operations have to be as aligned as possible. Hence it helps if these two teams are, as far as possible, working from the same playbook, or at least working with the same data or a single source of truth. This means both groups should aim to use some of the same analytic and data collection tools and methodologies when it comes to managing and protecting their endpoint systems. And if organizations rely on the same personnel for both jobs, it certainly helps if those people can pivot between both roles within the same tools, working from a single data set.

Each of these offensive and defensive tasks is crucial to protecting an organization’s intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations should look for opportunities to align and combine teams, technologies, and policies as much as possible to ensure they are focused on the most immediate need along the risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an “all the time” visibility and control model that allows continuous risk assessment, continuous threat monitoring, and continuous performance management.

Thus, organizations should look for these three key capabilities when evaluating new endpoint security systems:

Solutions that provide “all the time” visibility and control for both IT operations teams and security operations teams.

Solutions that provide a single source of truth that can be used both offensively for risk management and defensively for security detection and response.

Architectures that integrate easily into existing systems management and security tool ecosystems to provide even greater value for both IT and security teams.
