Bringing Security and IT Ops Together – SysSecOps

by Charles Leaver

June 13, 2017


Scott Raynovich nailed it. Having worked with hundreds of organizations he realized that one of the biggest challenges is that security and operations are two different departments – with radically different goals, different tools, and different management structures.

Scott and his analyst firm, Futuriom, just completed a study, “Endpoint Security and SysSecOps: The Growing Trend to Build a More Secure Enterprise”, where one of the key findings was that conflicting IT and security goals prevent professionals – on both teams – from achieving their goals.

That’s exactly what we believe at Ziften, and the term that Scott created to talk about the convergence of IT and security in this domain – SysSecOps – describes perfectly what we’ve been talking about. Security teams and the IT teams must get on the same page. That means sharing the same objectives, and in some cases, sharing the same tools.

Think about the tools that IT folks use. The tools are designed to make sure the infrastructure and end devices are working properly, and when something goes wrong, they help them fix it. On the endpoint side, those tools help ensure that devices are allowed onto the network, are configured properly, have software that’s authorized and properly updated/patched, and haven’t registered any faults.

Think about the tools that security folks use. They work to enforce security policies on devices, infrastructure, and security apparatus (like firewalls). This may involve actively monitoring incidents, scanning for abnormal behavior, examining files to ensure they don’t contain malware, adopting the latest threat intelligence, matching against newly discovered zero-days, and performing analysis on log files.

Finding fires, fighting fires

Those are two different worlds. The security teams are fire spotters: They can see that something bad is happening, can work quickly to isolate the problem, and determine if harm happened (like data exfiltration). The IT teams are on-the-ground firefighters: They leap into action when an incident occurs to ensure that the systems are made safe and brought back into operation.

Sounds good, right? Unfortunately, all too often, they don’t talk to each other – it’s like having the fire spotters and firefighters using different radios, different jargon, and different city maps. Worse, the teams can’t share the same data directly.

Our approach to SysSecOps is to provide both the IT and security teams with the same resources – and that means the same reports, presented in the appropriate ways to professionals. It’s not a dumbing down, it’s working smarter.

It’s ludicrous to work in any other way. Take the WannaCry virus, for example. On one hand, Microsoft issued a patch back in March 2017 that addressed the underlying SMB flaw. IT operations teams didn’t install the patch, because they didn’t think this was a big deal and didn’t talk to security. Security teams didn’t know if the patch was installed, because they don’t talk to operations. SysSecOps would have had everyone on the same page – and could have potentially avoided this problem.

Missing data means waste and risk

The dysfunctional gap between IT operations and security exposes organizations to risk. Avoidable risk. Unnecessary risk. It’s simply unacceptable!

If your organization’s IT and security teams aren’t on the same page, you are incurring risks and costs that you shouldn’t have to. It’s waste. Organizational waste. It’s wasteful because you have so many tools, each providing partial data with gaps, and each of your teams only sees part of the picture.

As Scott concluded in his report, “Coordinated SysSecOps visibility has already proven its worth in helping organizations assess, analyze, and prevent significant risks to the IT systems and endpoints. If these goals are pursued, the security and management risks to an IT system can be greatly diminished.”

If your teams are working together in a SysSecOps kind of way, if they can see the same data at the same time, you not only have better security and more efficient operations – but also lower risk and lower costs. Our Zenith software can help you achieve that efficiency, not only working with your existing IT and security tools, but also filling in the gaps to make sure everyone has the right data at the right time.