Security visibility crucial to automating SecOps collaboration, cloud transition

A lack of network visibility and information sharing continues to hinder organisational efforts to unify security specialists and IT operations teams in a 'SecOps' mode of organisational functioning, a cloud-computing specialist has warned.

Even where security vulnerabilities are detected and teams develop plans to remediate them, delays in getting those plans implemented by the operational teams create a window of opportunity for outside attacks; by one assessment, an attack goes undetected for an average of 256 days.

Reducing this timeframe is essential for good security governance but most companies still suffer from an operational disconnect, BMC cloud computing specialist David Carless told CSO Australia as the service-monitoring giant launched its BladeLogic Threat Director in an effort to bridge the gap.

“It can take an awful lot of time to get an authorisation to apply a patch, or to change configuration,” Carless explained, noting that these processes were often drawn out by a lack of visibility into the operational network and that this, in turn, often made it hard to meet internal SLAs around fault remediation.

One customer had, for example, set an internal SLA that demanded patches be ready for deployment within 8 hours of a vulnerability being discovered. But “that's just impossible to do if you're trying to do it manually,” Carless said.

“Imagine an operations team being handed a spreadsheet with 1000 IP addresses and a list of a couple of thousand vulnerabilities that have been identified. Trying to prioritise – let alone perform – that is a massive task. So we've connected the two teams, providing the security team with the actual data and providing a methodology and a toolset to help them respond.”

Designed to function in real time, that connection establishes a shared vocabulary for information exchange and operational handoffs, intended to foster a SecOps culture. This is particularly important for organisations seeking to introduce a common monitoring environment across both on-premises and cloud-based infrastructure.

Maintenance of an ongoing patch registry ensures that the patch status of every device on the network can be continuously monitored, with out-of-date equipment targeted for upgrades and compliance audits much easier to execute when necessary.

“We really provide an environment that is audit ready all the time,” Carless said. “Within seconds, we can provide the current patch level for any device. This gives the security teams a real-time view of the vulnerabilities at any given time.”
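The patch-registry approach described above, joining scanner findings against the recorded patch level of each host, prioritising what is still exposed and checking the 8-hour internal SLA mentioned earlier, as an added illustration (not BMC's or BladeLogic's code; all hosts, patch and vulnerability identifiers are constructed):

```python
from datetime import datetime, timedelta

# Constructed sample patch registry: host -> set of patch IDs confirmed installed.
# Hypothetical hosts and patch identifiers, not taken from the article.
PATCH_REGISTRY = {
    "10.0.0.11": {"KB-100", "KB-101"},
    "10.0.0.12": {"KB-100"},
    "10.0.0.13": {"KB-100", "KB-101", "KB-102"},
}

# Constructed scanner findings: affected hosts, the patch that closes the finding,
# a CVSS-style severity and the time the finding was discovered.
FINDINGS = [
    {"id": "VULN-1", "patch": "KB-101", "severity": 9.8,
     "hosts": ["10.0.0.11", "10.0.0.12"], "found": datetime(2016, 3, 1, 9, 0)},
    {"id": "VULN-2", "patch": "KB-102", "severity": 5.3,
     "hosts": ["10.0.0.11", "10.0.0.12", "10.0.0.13"], "found": datetime(2016, 3, 1, 12, 0)},
]

# Constructed "now" used when checking the remediation SLA.
CHECK_TIME = datetime(2016, 3, 1, 18, 30)


def outstanding(registry, findings):
    """Join findings against the registry: a host is still exposed to a finding when
    the fixing patch is absent from its registry entry (or the host is unknown)."""
    result = []
    for f in findings:
        exposed = [h for h in f["hosts"] if f["patch"] not in registry.get(h, set())]
        if exposed:
            result.append({"id": f["id"], "patch": f["patch"], "severity": f["severity"],
                           "hosts": exposed, "found": f["found"]})
    return result


def prioritise(work):
    """Highest severity first, then the finding that leaves the most hosts exposed."""
    return sorted(work, key=lambda w: (-w["severity"], -len(w["hosts"])))


def sla_breaches(work, now, sla=timedelta(hours=8)):
    """IDs of findings whose patch deadline (discovery time + SLA) has passed at `now`."""
    return [w["id"] for w in work if now - w["found"] > sla]


if __name__ == "__main__":
    work = prioritise(outstanding(PATCH_REGISTRY, FINDINGS))
    for w in work:
        print(f'{w["id"]} sev={w["severity"]} patch={w["patch"]} hosts={w["hosts"]}')
    print("SLA breached:", sla_breaches(work, CHECK_TIME))
```

Hosts that already carry the fixing patch drop out of the work list, which is what turns a raw spreadsheet of addresses and findings into an actionable, prioritised queue.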


This type of visibility is important in any organisation but is particularly relevant for managed service providers (MSPs), which are becoming increasingly important as organisations turn to outsourcing and cloud strategies to offload many of their operational processes. Despite the change in business strategy, many organisations fail to keep up with these changes from a SecOps point of view.

“Companies often don’t monitor their partners’ or contractors’ access privileges and security processes as well as they do within their own boundaries,” said Ewen Ferguson, managing director of consulting firm Protiviti. “Add to that the fact that outsiders often bring their own hardware and software, which may be ‘contaminated’ through use on other non-secure networks, and you have a clear security exposure.”

Managing this exposure, Ferguson recommends, requires “robust third party risk management”, with contracts that spell out risk-management expectations around visibility of service providers' operations and their reporting obligations in the event of a breach.

This includes managing a central inventory of third-party providers; renegotiating contract terms to boost security safeguards; conducting proactive risk assessments; and putting in place the processes and tools to know what data third parties are accessing and how they are storing it.

Building a robust monitoring infrastructure will go a long way towards enabling these and other protections by filling gaps in security and operational governance procedures.

“We have a great window of opportunity to bridge this gap,” Carless said. “Whether in privately owned data centres, virtual cloud services or wherever – it doesn't matter where the devices are. We can still manage them and provide this functionality. This is providing a great opportunity for clients to close this gap.”

Stories by David Braue
