Jonny Nässlander, profile picture
Uploaded byJonny Nässlander
154 views

idg_secops-solutions

The document discusses the growing security challenges faced by organizations and the need to close the gap between security (SecOps) and IT operations teams. It notes that the volume and complexity of cyberattacks have increased significantly. However, current security tools, processes, and teams are often unable to keep up due to a lack of integration and coordination between security and operations groups. This results in security vulnerabilities not being addressed quickly enough, leading to potential data breaches and other security incidents. The document argues that automating security and operations workflows can help eliminate inefficiencies and prioritize the remediation of the most critical issues.

Embed presentation

Download to read offline
SecOps Solutions Help Teams Address Critical Security Vulnerabilities
o company is immune from cyberattacks. As FBI director James Comey famously noted, there are now two kinds of big companies: those that have been hacked and those that don’t know they’ve been hacked.1 Security threats are a more serious and frequent problem than ever. As hackers demonstrate increasing sophistication, enterprises are bracing for the worst. At the annual Black Hat gathering of security professionals, 72% of the people responding to an attendee survey said it was likely that their organizations would suffer a major data breach in the next 12 months and 15% said they had “no doubt,” up from 13% last year.2 It’s one thing to say that your company could be a victim; it’s quite remarkable when the overwhelming majority has no doubt that they are destined to suffer a major security breach. That pessimistic view of the threat environment was consistent with the security worries expressed by many other business executives. Case in point: A whopping 97% of the executives polled in a recent BMC-Forbes Insights survey expected a rise in data breach attempts in the next 12 months, and 99% said they planned to invest more in security than they did in 2015.3 Not only are the security challenges facing IT greater than ever but the price of failure is also climbing. Since 2013 the total cost of a data breach has increased 29%, to an average of $4 million per incident.4 The height- ened threat landscape means that enterprises must learn to manage what Gartner describes as an “acceptable” level of digital risk.5 There are new potential points of vulnerability: As organizations migrate data to the cloud, expand their deployment of mobile computing, and embrace the Internet of Things, security executives confront threat environments with more potential digital touchpoints to protect. Mobile Mobile devices were, until recently, a negligible source of data breaches, with less than a 1% infection rate in 2015.6 Looking back, that was the calm before the N storm. A year later, more than three-fifths of IT security professionals at Global 2000 companies believe that it is either certain or likely that their organizations has suffered a data breach related to the use of mobile devices.7 Many device owners still fail to take basic steps to secure their devices with passwords, personal identifica- tion numbers, or pattern locks.8 The risk is amplified by the growing popularity of bring-your-own-device, with employees using their personal devices for work. That presents a new calculus of worry, given that employees still constitute the weakest link in any defense.9 Cybercriminals have taken due notice, with malicious code writers embedding malware into legitimate mobile applications.10 Elsewhere, cybercriminals are targeting poorly secured Wi-Fi hotspots that aren’t under the control of network administrators. They steal passwords or erect rogue Wi-Fi access points that mimic the characteristics of trusted networks to dupe mobile users into connecting to their access points. The Cloud The cloud has moved beyond the early-adopter phase, with more than 90% of organizations now using some form of cloud computing in their operations. The shift is particularly noticeable among large enterprises that were slower to embrace the cloud. As the cloud handles more of our data, it also presents a more visible target for cyberattackers. As information gets dispersed in hybrid environments that combine public clouds, private clouds, and on-premises systems, intruders are probing for vulnerabilities, using many of the same techniques they have employed successfully elsewhere to break into corporate networks. Attackers regularly test cloud security with exploits such as SQL injection flaws and spear-phishing campaigns, trying to take advantage of poor user security practices as well as network misconfigurations that result in badly designed APIs and interfaces.
A more recent wrinkle in cloud-related security stems from the practice of many departments of procuring hardware and software without explicit organizational approval. The popularity of “shadow IT” presents a formidable security challenge to CISOs and CIOs, who find out only after the fact—and only if they’re lucky- when new systems and solutions are being added. The risk is that attackers will exploit unauthorized products that have weak security controls to penetrate the corporate cloud. SCOPE OF THE CURRENT THREAT ENVIRONMENT: The volume and types of cyberattacks have increased in scope and complexity, to the point where Internet crime has become a veritable growth industry.12 Security executives responsible for protecting their organization’s data must now defend against a constel- lation of threats that include malware, ransomware, advanced persistent threats, theft of proprietary information, and insiders seeking to steal the organization’s digital crown jewels via unauthorized access to corporate data. Threats and motivations: A. Cybercriminals and organized crime: Sophisticated criminals—domestic and foreign—have been attracted to cyberspace because that’s where the money is. Businesses nowadays face regular attacks by sophisti- cated criminal organizations that operate with the professionalism, discipline, and structure of legitimate enterprises.13 Indeed, the sale of stolen intellectual property and other information on the black market constitutes a big and growing business. Economists estimate the annual cost of cyberattacks to the world economy at around $445 billion, or almost 1% of global income.14 B. Nation-states: Proxies operating at the behest of nation-states are targeting enterprises as part of their sponsors’ information-gathering and espionage activities.15 The attackers’ goals range from stealing intellectual property to disrupting a company’s com- puter networks to make political points, such as in the attack against Sony in 2014.16 C. Hacktivists: Unlike the pranks and practical jokes that characterized the early years of hacktivism, the current generation of individuals or groups practicing hacktivism can inflict serious damage on their targets. The inspiration behind the attacks is random, although the intent is often to make a political or moral point- witness the hack last year of the Ashley Madison website, which revealed personal user data identifying millions of would-be spousal cheaters. Hacktivists have also grown increasingly sophisticated. Case in point: a series of distributed denial-of-service attacks targeting banks around the world this past spring, which also marked the reappearance of the hacktivist group Anonymous.17 D. Malicious insiders: Both the FBI and the Depart- ment of Homeland Security warn that malicious insiders now pose a significant risk to business networks and their information.18 Indeed, insider crimes can be costlier or more damaging than outsider threats.19 Motivated by revenge, politics, or financial gain, insiders may include employees, contractors, or vendors who have intimate knowledge of an organization and its systems—as well as the whereabouts of its most valuable information. 97% of execs expect a rise in data breach attempts in the next 12 months. 99% of execs plan to invest more in security in the next 12 months than they did in 2015.
Security Is Now Everyone’s Responsibility It wasn’t long ago that cybersecurity was the exclusive purview of the IT department. No longer. The main- streaming of cybercrime tools and techniques puts new responsibilities on the entire enterprise to implement best practices.20 That means it’s now up to CIOs and CISOs to manage the security of their digital assets with strategies that meet the enterprise’s overall business objectives while also promoting security as a shared corporate social responsibility. Forrester Research frames data security as a corporate social responsibility. Clearly, data security and privacy protection now rank as core business concerns and go to the heart of what it means to be a trusted brand rather than simply an organization that meets basic compliance obligations. Competitive impact: When discussing strategic objectives, organizations need to include security and customer data protection as chief priorities. Data breaches and regulatory audits following a compromise can affect a company’s reputation as well as its competi- tive ranking when customers, uneasy about a company’s ability to protect personal data, vote with their feet.21 Current Tools, Processes, and Teams Still Fall Short Against a backdrop of rising attacks, the tools, processes, and teams tasked with protecting organiza- tions aren’t keeping up with the challenges. FAILURE TO FIX KNOWN ISSUES New vulnerabilities emerge literally each day, but organizations still lag in their patch implementation response times, according to the “Cisco 2016 Midyear Cybersecurity Report.” About half of all exploits now take place between 10 and 100 days after the vulnerabil- ity is published, with the median number estimated to be around 30 days, says the “Verizon 2016 Data Breach Investigations Report.” The failure to patch known vulnerabilities in a timely fashion—it takes an average of 193 days a patch to be installed that will fix known vulnerabilities—allows intruders to exploit the path of least resistance and attack unpatched vulnerabilities. Unfortunately, different priorities have led to poor synchronization between Security and Operations, preventing agreement on which systems they ought to fix first.22 ZOMBIES OPEN DOORS TO HACKERS By one estimate, there are as many as 10 million servers around the world that do little but consume electricity.23 These so-called zombie servers aren’t just wasting billions of dollars in energy costs; left unattended or not kept up-to-date with the latest patches, they also offer backdoor entry points through which intruders can access company networks. For example, when cyber- criminals hacked into J.P. Morgan in 2015 and stole information on more than 80 million account holders, they got in by exploiting a no updated server.24 Among enterprises, 50% experience outages and poor performance in IT systems due to poorly applied security patches, further underscoring the poor collabo- ration between the security and operations depart- ments. Their inability to prioritize and fix vulnerabilities is responsible for unnecessary downtime as well as lingering security vulnerabilities.25 44% of executives say security breaches occur even when vulnerabilities and their remediation have already been identified 44% of executives say it takes their businesses weeks to fix high-impact vulnerabilities.
The Big Disconnect As they battle external threats, companies are also weighed down by bureaucratic silos that negatively affect integration and coordination between Security and Operations. In fact, some 60% of executives surveyed by BMC and Forbes Insights said that the two groups often have little understanding of the other’s requirements, an organizational obstacle that results in poor collaboration.26 The upshot: system downtime, excessive labor costs, and challenges in meeting regula- tory requirements and staying audit-ready. Although each is essential for the success of any organization, the responsibilities of two key stakehold- ers often have them working at cross-purposes to identify, remediate, and track vulnerabilities easily. Whereas Operations is focused on maintaining the productivity and competitiveness of the enterprise, the security team’s prime directive is to do whatever is possible to keep the organization safe from attack. Even though the security team provides overall security policies and compliance terms, it doesn’t have the authority to implement the steps needed to address the issues across the organizations. Although it may seem to think it is “done” once it has highlighted the problem or opened a ticket, the reality is that the work is really just beginning at that point. The challenge is made that much steeper by the fact that the groups are stuck on opposite sides of what we describe as the SecOps gap, driven by competing priorities and tech tools that don’t mesh. Operations teams are responsible primarily for uptime and stability. But when Operations receives information from its Security counterparts, it frequently lacks the automation or the context needed to take or prioritize action to meet the demands of the business. Logjams result when reports arrive that were composed for use by the security team, not Operations. If a multi- thousand-line report is organized by IP address, Opera- tions can’t do anything with it if that department doesn’t track IP addresses. Even if it is able to read the report, Operations is still left to manually hunt down the common vulnerabilities and exposures (CVEs) or fixes and then manually set them up to deploy. How bad does it get? This manual effort and the lack of coordina- tion lead to huge time losses, and the hackers take advantage. IMPACTS ON THE ORGANIZATION Poor coordination between Security and Operations has ripple effects throughout the rest of the organiza- tion. In the survey by BMC and Forbes Insights, 34% of the responding North American executives and 54% of the European respondents said that it takes weeks to resolve a “high-impact vulnerability” in applications or operating systems once a patch becomes available. In more than one-third of the cases, delays occurred during attempts to prioritize which systems should be addressed first. DISJOINTED EXECUTION Organizations need better visibility to prioritize critical issues so they can confidently protect customers. At first blush, that seems straightforward and unremark- able. But the lack of integration between Security and Operations makes this anything but easy. What may seem like a high priority to security executives may not be viewed that same way by the operations team, where the focus is on uptime and performance. The organizational disconnect also has ramifications in other areas of corporate performance, particularly when it comes to regulatory compliance. The failure to align around a set of common compliance objectives creates blind spots, overlap, and duplicative efforts. Most organizations are forced into a stream of manual processes or tools that aren’t built for the problem. This leaves them frustrated to the point that they just give up because they can’t keep up with the volume, complexity, and scale. on average, to resolve a known vulnerability. It takes 193 days
Penalties for Failing to Avoid Data Breaches The lack of integration and coordination between Security and Operations leaves enterprises open to security risks, including the theft of IP, financial losses, compromised customer data, damaged reputation, and regulatory sanctions. Federal and state laws governing data privacy exact severe penalties on organizations that fail to implement appropriate data security measures.27 Cybersecurity has become a business issue that now demands active involvement from the top management of an organization. When data breaches occur, the failure to protect the information of the company and its customers can cause CIOs, CISOs, and even CEOs to lose their jobs.28 Repairing the SecOps Gap The absence of integration between Security and Operations comes at the very worst time and has created a veritable SecOps gap that handicaps an organization’s ability to defend itself in today’s elevated security threat environment. Enterprises have a tough enough job identifying, remediating, and tracking vulnerabilities easily. Their task is made unnecessarily harder when there are clashing priorities, tools that fail to mesh well, and too little technology automation. Instead of working at cross-purposes, Security and Operations can merge heretofore disconnected initia- tives into a unified process that fosters close alignment that pays dividends for both teams—from accelerating the process of vulnerability resolution to reducing the costs of remediation. AUTOMATION CAN ADDRESS THE PROBLEM The biggest risks facing companies are the things they don’t know about—and they need to be addressed to reduce the unknown risk of blind spots. Organizations have a limited ability to take action and fix vulnerabilities if they don’t possess scalable processes and contextual- ized information. What’s more, they will be hard- pressed to know whether they are indeed fixing the most important problems if they can’t prioritize risks. There is no shortage of unknowns in this era of digital transformation, stepping up the pressure on both the security and operations teams to understand what is in their environments at any given time. That’s no easy task. Given the myriad of new security and regulatory compliance demands on their IT infrastructure, the job of putting in place controls governing this changing set of policies can prove overwhelming. That’s where enterprises need an automated SecOps solution that offers effective compliance controls, rapid remediation, and blind spot detection. wanted a centralized view into vulnerabilities and remediation actions. of the survey respondents wanted tools for automating corrective actions, and 59% 60% Conclusion Collaborative workflow processes that eliminate friction and misalignments between the security and operations teams sharply lower the risk of data loss and operational downtime. Now, more than ever, enterprises can advance their overall business agenda by closing the SecOps gap and minimizing communications breakdowns that leave organizations vulnerable to cyberattacks. As the industry’s SecOps leader, BMC offers technology solutions that offer security teams visibility into opera- tional plans while providing operations with an action- able view of threat information based on risk level. • Learn how automation can close the SecOps gap. • See BMC BladeLogic Threat Director in action.
Here is an excerpt from the Voke Research Solution Snapshot™ report: BMC SecOps Solutions. Market Context Each day security breaches have a profound impact on the way a business interacts with its customers. When the news of a security breach breaks, businesses are immediately thrown into crisis management mode. In many cases, hacker access company systems months before breaches get identified, confirmed, and reported. This problem of delayed acknowledgment of a hacker entering into a system is a costly endeavor. More importantly, and ultimately costlier, it is taking excessive amounts of time to remediate a known vulnerability. The gap between IT security and IT operations widens each time a known vulnerability is not remediated in a timely and business-oriented fashion. Surprisingly, most security vulnerabilities are known and have published patches; however, the patches are not always installed in timely fashion. Attackers know this and will exploit unpatched, known vulnerabilities, to harm your business and brand while threatening the privacy, health, or safety of your customers. Both the IT security and IT operations teams are responsible for protecting the IT infrastructure. But their defined goals for carrying out their respective roles can come into conflict. The IT security team runs scans for vulnerabilities and provides overall security policy, compliance, and governance terms. While the IT security team highlights the issues, the ownership of implementation to address the issues is the responsibility of IT operations. The IT security team may or may not understand the opera- tional impact of these policies, compliance, and govern- ance terms. Meanwhile, the IT infrastructure is dynamically managed by IT operations teams to meet the demands of high availability for productivity against the ever-present risk of failure. IT operations, which constitutes the first line of defense in a security breach, is also the first team responsible for system stability and uptime. Hence the conundrum that IT security and IT opera- tions teams face: How will IT operations know what to do with the recommendations from the IT security team? And how will the IT security team understand the operational impact of what the IT operations team does or does not do? It’s up to CIOs and CISOs to sort this out and eradicate the isolation and contention between the departments. Strong executive leadership can ensure collaboration between IT security and IT operations by leveraging automation to proactively protect the IT infrastructure. Organizations must use processes and technology to unite the IT security and IT operations teams with more focus on collaboration and visibility, while allowing the IT operations team to take a more active role in IT security. But this gets complicated. Opening the ticket is only the beginning of the problem resolution path to remediat- ing security vulnerabilities. While IT security and IT operations teams remain independent of one another, they still must find ways to cooperate. Additional Reading Both the IT security and IT operations teams are responsible for protecting the IT infrastructure. But their defined goals for carrying out their respective roles can come into conflict. Strong executive leadership can ensure collaboration between IT security and IT operations by leveraging automation to proactively protect the IT infrastructure.
IT Complexity IT security and IT operations usually function in isolated silos. Elements of the gap that exists between the two teams include: • Lack of process integration • Lack of automation to quickly implement recommended patches • Conflicting priorities between the two teams (i.e., governance vs. stability and uptime) • Lack of insight between IT security and IT operations regarding a pipeline of planned patches • Lack of collaboration to make systems more reliable and predictable in order to achieve better business outcomes Poor handoffs between IT security and IT operations on vulnerability information • Lack of understanding between IT security and IT operations on initiatives and requirements of each team Lack of coordinated efforts to create a path to operationalize security While both IT security and IT operations perform discrete functions as they relate to the systems and software, the two teams must no longer work in isola- tion. Each team must retain independence but work towards operationalizing security for the betterment of the business. The call for both teams to work together and eliminate the persistent gap is not an option. It is a necessity. But too often teams are isolated from one another and do not have clear lines of communication with insight into the results of actions conducted by the teams. Because of this isolated approach to overall security, attackers are able to take a path of least resistance and exploit vulnerabilities that have languished for months or years. BMC Rolls Out Modern Solutions Enough businesses have been damaged by security breaches that, in hindsight, were preventable. Enough individuals have been victims of hacks. It is now time for IT security and IT operations to heed the needs of the business and work together to solve the technical problems presented by ongoing security threats and vulnerabilities. Often, hackers have been found to lurk in systems for months or years before an actual attack was identified and made public. These scenarios are the stuff of dreams for nefarious hackers and yet enterprises have a “why bother” attitude of coordinated IT security and believe that an attack is simply a matter of time. Two types of enterprises exist—those that know a security vulnerability has been exploited and those that do not know that a security vulnerability has been exploited. Too frequently IT security becomes a top priority only when an enterprise experiences a damaging security breach. This cycle will continue to play out unless there is a concerted effort by IT security and IT operations to change their behaviors to be more proactive and focus on ensuring secure operations. Two types of enterprises exist—those that know a security vulnerability has been exploited and those that do not know that a security vulnerability has been exploited. It is up to the IT operations teams of every enterprise to know and communicate this status. Unfortunately, in most enterprises today, the classic finger-pointing of IT security and IT operations is a reality. It is safe to say that IT operations does not understand the intricacies of what IT security does, And, IT security does not understand the intricacies of what IT opera- tions does. This is not a fault of one team or the other. It is simply two distinct professional teams with differ- ent roles for achieving the same goal. IT security and IT operations must work more closely together to main- tain secure operations. Enterprise organizations must set a mandate to opera- tionalize security from the C-level to mitigate the business risk of security threats and vulnerabilities. Adopting solutions such as BMC’s BladeLogic Server Automation, BladeLogic Network Automation, and BladeLogic Threat Director will help solve technical
problems and form a well-coordinated offensive approach to solving ever-present security threats and vulnerabilities. Solutions that are purpose-built for operationalizing security allows more visibility into the role of IT security and IT operations. Hackers are aggressive, intrusive, and invasive unwanted guests. Enterprises must combat the criminal vigorously, actively, and boldly to protect the business. Solutions such as BMC SecOps will help organizations defeat 21st century enemies. Solution Overview BMC’s BladeLogic Server Automation, BladeLogic Network Automation, and BladeLogic Threat Director (released in April 2016) are the company’s product offerings to bring a better approach for IT security and IT operations teams to work together. Joint account- ability between the teams is critical in order to deliver a unified and coordinated security approach for physical or virtual IT infrastructure assets in the traditional data center or in the cloud. Since its founding in 1980, BMC has been a trusted and reliable partner to enterprise IT operations profession- als. BladeLogic Server Automation, BladeLogic Network Automation, and BladeLogic Threat Director work in combination to help enterprise IT teams automatically link security vulnerabilities to identified patches and create the attack plan to deploy countermeasures on demand. Solving this technical problem with a purpose- built solution mitigates the business risk associated with security threats and vulnerabilities. BMC positions the combined offering of BladeLogic Server Automation, BladeLogic Network Automation, and BladeLogic Threat Director as “vigilant, precise, and relentless automation in pursuit of security for the digital era”. Here are highlights of how the products work together to achieve a unified attack on security threats and vulnerabilities. 1. Compliance Digital initiatives are forcing enterprises to conduct business in new ways and consequently exposing enterprises to new and unique security and risk challenges. These new ways of conducting business bring the need for advanced security and regulatory compliance protection and enforcement. Failure to adequately enforce and protect these complex regulatory standards results in damaging business consequences. BMC products work in concert to achieve an “audit- ready” state at all times through vigilant compliance. The “audit-ready” state is critical to protecting data security and privacy and means that time to create reports or prove compliance is reduced, while allowing IT operations professionals to engage in more meaning- ful work. 2. Precise Threat Analysis Getting the right information to the right people at the right time about a security threat or vulnerability is critical in avoiding security incidents. Precision in gathering the correct information means that the business is protected because threats are prioritized and attack plans are based on needs and parameters of the business. BMC products work together to deliver precise threat analysis to: Identify and target the most vulnerable systems Isolate what to remediate and how to remedi- ate it Provide current and up-to-date status for the entire environment This means that both IT security and IT operations teams have the same information to work with to address threats and close the window of risk. 3. Remediation The biggest and most intellectually challenging problem IT operations professionals deal with is how to keep everything running at an acceptable performance level while reducing the attack surface. IT operations professionals live in a dual state—a proac- tive state of maintaining productivity of systems and a reactive state of patching and fixing when a security vulnerability is identified. IT operations professionals must be able to be proactive in both states. That means that the resolution of security threats and vulnerabilities must be accelerated while protecting uptime. BMC has an offering they describe as “vigilant, precise, and relentless automation in the pursuit of security for the digital era.”
SECURITY INCIDENTS MUST BE AVOIDED. BMC PRODUCTS WORK TOGETHER TO: • Provide security hardening (e.g., reducing the attack surface) • Prevent threats from becoming breach entry points • Balance operations requirements of availability and capacity with the needs of security • Understand threat reports from different providers • Optimize maintenance windows • Improve response times The value of the BMC product offerings of BladeLogic Server Automation, BladeLogic Network Automation, and BladeLogic Threat Director is twofold: 1. For IT security, the solutions provide a dashboard with a real-time view into the plans and service level agreements (SLAs) of the IT operations team. 2. For IT operations, the solutions deliver prescriptive and actionable data to address security threats and vulnerabilities based on perceived impact and policy. The solutions deliver the ability to automatically link vulnerabilities to identified patches and create the offensive attack plan to deploy countermeasures on demand and eliminate the gap between IT security and IT operations. Addressing the Gaps Up until now this problem of eliminating the gap between IT security and IT operations has not been addressed. Enterprises use a variety of security tools that are essential to the protection of today’s complex enterprise software, systems, and infrastructure. All of these types of tools are defensive in nature and work incredibly well as a line of defense to detect security threats and vulnerabilities. At some point, the enterprise must be in an offensive position to create an environment that the hacker cannot exploit and does not want to exploit. BMC has figured out how to make it easy to take defen- sive data from vulnerability scans and use it for offensive purposes to automatically remediate security vulnerabili- ties. Because of its history with IT operations, BMC is aware of the struggles faced by IT operations teams that must make business critical decisions about security. This approach is strategic—be inhospitable to hackers by not letting them in at the outset. BMC products are purpose-built for IT security and IT operations teams to deliver an offensive approach through automation by avoiding, remediating, and identifying security threats and vulnerabilities that have the potential to harm the business. The ability of a solution to remediate the security threat or vulnerability is the difference between knowing there is a problem and knowing there is a problem that is solvable. BMC’s BladeLogic Server Automation and BladeLogic Network Automation are able to take vulnerability scan data as input and deliver remediation through automa- tion. Vulnerability scanning is exposing a problem but knowing what to do with that data is solving the problem. Enterprises need to have the problem solved. The enterprise must be in an offensive position … so that the hacker cannot and does not want to exploit. View the Web series: Hacker Hierarchy: BMC and GuidePoint Security Present a Hack and Defend Demo • Hacker Breaches the Perimeter • Hacker goes for Gooey Center • Hacker goes for the Crown Jewels READ THE FULL REPORT Additional Video
FBI’s James Comey accuses China of hacking into every major American company 72% of Black Hat Attendees Expect To Be Hit By ‘Major’ Data Breach Within A Year IT compliance and security: SecOps 2016 Cost of Data Breach Study: Global Analysis Gartner Says By 2020, 60 Percent of Digital Businesses Will Suffer Major Service Failures Due to the Inability of IT Security Teams to Manage Digital Risk Verizon DBIR: Mobile Devices Not A Factor In Real-World Attacks Mobile risk is a real number Most Americans don’t secure their smartphones Employees Are the Weakest Link in Computer Security Check Point Research Reveals Threat of Mobile Malware Persists as Attacks Targeting iOS Devices Increase Cyberattacks move to cloud with increased adoption PwC Study: Biggest Increase in Cyberattacks in Over 10 Years Cybercrime: Much more organized Center for Strategic and International Studies: Cybercrime and espionage costs $445 billion annually McAfee 2016 Threat Predictions What caused the Sony hack Anonymous’ Op Icarus campaign targets banks worldwide Increase in Insider Threat Cases Highlight Significant Risks to Business Networks and Proprietary Information Footnotes PwC’s 2014 U.S. State of Cybercrime Survey Markets for Cybercrime Tools and Stolen Data Target data breach has lingering effect on customer service, reputation scores IT Security and Operations Survey the Game Plan for Closing the SecOps Gap Zombie Servers: They’re Here and Doing Nothing but Burning Energy Neglected Server Provided Entry for JPMorgan Hackers A Game Plan for Closing the SecOps Gap: Coordinate Security and Operations Staffs to Improve Security, Uptime and Compliance IT Security and Operations Survey the Game Plan for Closing the SecOps Gap Data security laws and penalties: Pay IT now or pay out later 14 Security Fails That Cost Executives Their Jobs 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

More Related Content

PDF
Insights success the 10 best performing cyber security solution providers 4th...
byInsights success media and technology pvt ltd
 
PDF
Volume2 chapter1 security
byat MicroFocus Italy ❖✔
 
PDF
Five Network Security Threats And How To Protect Your Business Wp101112
byErik Ginalick
 
PDF
InformationSecurity_11141
bysraina2
 
PDF
Corporate Cybersecurity: A Serious Game
byTatainteractive1
 
PDF
Cyber security master class 2018
bySanjana Khound
 
PPT
Security in Web 2.0, Social Web and Cloud
byITDogadjaji.com
 
PPTX
Lessons v on fraud awareness (digital forensics) [autosaved]
byKolluru N Rao
 
Insights success the 10 best performing cyber security solution providers 4th...
byInsights success media and technology pvt ltd
 
Volume2 chapter1 security
byat MicroFocus Italy ❖✔
 
Five Network Security Threats And How To Protect Your Business Wp101112
byErik Ginalick
 
InformationSecurity_11141
bysraina2
 
Corporate Cybersecurity: A Serious Game
byTatainteractive1
 
Cyber security master class 2018
bySanjana Khound
 
Security in Web 2.0, Social Web and Cloud
byITDogadjaji.com
 
Lessons v on fraud awareness (digital forensics) [autosaved]
byKolluru N Rao
 

What's hot

PPTX
220715_Cybersecurity: What's at stake?
bySpire Research and Consulting
 
PDF
Why is cyber security a disruption in the digital economy
byMark Albala
 
PPTX
Cybersecurity & the Board of Directors
byAbdul-Hakeem Ajijola
 
PDF
Cyber Risk for Construction Industry
byBrianHuntMSFCPACRISC
 
PDF
American Bar Association guidelines on Cyber Security standards
byDavid Sweigert
 
PDF
Why Passwords are not strong enough
byEMC
 
PDF
Securité : Le rapport 2Q de la X-Force
byPatrick Bouillaud
 
PDF
Mobile malware and enterprise security v 1.2_0
byJavier Gonzalez
 
PDF
Managed security services for financial services firms
byJake Weaver
 
PDF
You Are the Target
byEMC
 
PDF
140707_Cyber-Security
byTara Gravel
 
PDF
Risky Business
bySamantha Park
 
PDF
Final cyber risk report 24 feb
bymharbpavia
 
PDF
IMC 618 - Public Relations Campaign
byStephanie Holman
 
PDF
csxnewsletter
byDominic Vogel
 
PDF
Axxera End Point Security Protection
byShawn Crimson
 
PPTX
August 2017 - Anatomy of a Cyber Attacker
byseadeloitte
 
PPTX
September 2019 part 9
byseadeloitte
 
PDF
Analyst Report: The Digital Universe in 2020 - China
byEMC
 
PDF
Cybersecurity in the Age of Mobility
byBooz Allen Hamilton
 
220715_Cybersecurity: What's at stake?
bySpire Research and Consulting
 
Why is cyber security a disruption in the digital economy
byMark Albala
 
Cybersecurity & the Board of Directors
byAbdul-Hakeem Ajijola
 
Cyber Risk for Construction Industry
byBrianHuntMSFCPACRISC
 
American Bar Association guidelines on Cyber Security standards
byDavid Sweigert
 
Why Passwords are not strong enough
byEMC
 
Securité : Le rapport 2Q de la X-Force
byPatrick Bouillaud
 
Mobile malware and enterprise security v 1.2_0
byJavier Gonzalez
 
Managed security services for financial services firms
byJake Weaver
 
You Are the Target
byEMC
 
140707_Cyber-Security
byTara Gravel
 
Risky Business
bySamantha Park
 
Final cyber risk report 24 feb
bymharbpavia
 
IMC 618 - Public Relations Campaign
byStephanie Holman
 
csxnewsletter
byDominic Vogel
 
Axxera End Point Security Protection
byShawn Crimson
 
August 2017 - Anatomy of a Cyber Attacker
byseadeloitte
 
September 2019 part 9
byseadeloitte
 
Analyst Report: The Digital Universe in 2020 - China
byEMC
 
Cybersecurity in the Age of Mobility
byBooz Allen Hamilton
 

Similar to idg_secops-solutions

PDF
Dell Technologies Cyber Security playbook
byMargarete McGrath
 
PPTX
CyberSecurity Threats in the Digital Age(1).pptx
byzainchaudary496
 
PDF
1. security 20 20 - ebook-vol2
byAdela Cocic
 
PPTX
Top 12 Threats to Enterprise
byArgyle Executive Forum
 
PDF
Security - intelligence - maturity-model-ciso-whitepaper
byCMR WORLD TECH
 
PDF
Top 10 Cyber security Threats | Cyber security
byHeritageCyberworld
 
PDF
Get Prepared
byHewlett Packard Enterprise Business Value Exchange
 
PDF
Cybersecurity Challenges - Identifying Key Threats and Trends.pdf
bySeasiaInfotech2
 
PDF
Security Industry Overview
byThomvest Ventures
 
PDF
Cybersecurity-Protecting-Our-Digital-World (1).pdf
byJitendraGupta187
 
PDF
5 network-security-threats
byReadWrite
 
PDF
Presentation 10 (1).pdf
byKARANSINGHD
 
PDF
F5 Hero Asset - Inside the head of a Hacker Final
byShallu Behar-Sheehan FCIM
 
PDF
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
byOrganization
 
PPTX
10 Things to Watch for in 2016
byCourion Corporation
 
PPTX
10 IT Security Trends to Watch for in 2016
byCore Security
 
PDF
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
byRakeshPatel583282
 
PDF
The State of Data Security
byRazor Technology
 
PDF
Cyber Security small
byHenry Worth
 
PPTX
IT Security Essentials
bySkoda Minotti
 
Dell Technologies Cyber Security playbook
byMargarete McGrath
 
CyberSecurity Threats in the Digital Age(1).pptx
byzainchaudary496
 
1. security 20 20 - ebook-vol2
byAdela Cocic
 
Top 12 Threats to Enterprise
byArgyle Executive Forum
 
Security - intelligence - maturity-model-ciso-whitepaper
byCMR WORLD TECH
 
Top 10 Cyber security Threats | Cyber security
byHeritageCyberworld
 
Get Prepared
byHewlett Packard Enterprise Business Value Exchange
 
Cybersecurity Challenges - Identifying Key Threats and Trends.pdf
bySeasiaInfotech2
 
Security Industry Overview
byThomvest Ventures
 
Cybersecurity-Protecting-Our-Digital-World (1).pdf
byJitendraGupta187
 
5 network-security-threats
byReadWrite
 
Presentation 10 (1).pdf
byKARANSINGHD
 
F5 Hero Asset - Inside the head of a Hacker Final
byShallu Behar-Sheehan FCIM
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
byOrganization
 
10 Things to Watch for in 2016
byCourion Corporation
 
10 IT Security Trends to Watch for in 2016
byCore Security
 
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
byRakeshPatel583282
 
The State of Data Security
byRazor Technology
 
Cyber Security small
byHenry Worth
 
IT Security Essentials
bySkoda Minotti
 

idg_secops-solutions

  • 1.
    SecOps Solutions Help TeamsAddress Critical Security Vulnerabilities
  • 2.
    o company isimmune from cyberattacks. As FBI director James Comey famously noted, there are now two kinds of big companies: those that have been hacked and those that don’t know they’ve been hacked.1 Security threats are a more serious and frequent problem than ever. As hackers demonstrate increasing sophistication, enterprises are bracing for the worst. At the annual Black Hat gathering of security professionals, 72% of the people responding to an attendee survey said it was likely that their organizations would suffer a major data breach in the next 12 months and 15% said they had “no doubt,” up from 13% last year.2 It’s one thing to say that your company could be a victim; it’s quite remarkable when the overwhelming majority has no doubt that they are destined to suffer a major security breach. That pessimistic view of the threat environment was consistent with the security worries expressed by many other business executives. Case in point: A whopping 97% of the executives polled in a recent BMC-Forbes Insights survey expected a rise in data breach attempts in the next 12 months, and 99% said they planned to invest more in security than they did in 2015.3 Not only are the security challenges facing IT greater than ever but the price of failure is also climbing. Since 2013 the total cost of a data breach has increased 29%, to an average of $4 million per incident.4 The height- ened threat landscape means that enterprises must learn to manage what Gartner describes as an “acceptable” level of digital risk.5 There are new potential points of vulnerability: As organizations migrate data to the cloud, expand their deployment of mobile computing, and embrace the Internet of Things, security executives confront threat environments with more potential digital touchpoints to protect. Mobile Mobile devices were, until recently, a negligible source of data breaches, with less than a 1% infection rate in 2015.6 Looking back, that was the calm before the N storm. A year later, more than three-fifths of IT security professionals at Global 2000 companies believe that it is either certain or likely that their organizations has suffered a data breach related to the use of mobile devices.7 Many device owners still fail to take basic steps to secure their devices with passwords, personal identifica- tion numbers, or pattern locks.8 The risk is amplified by the growing popularity of bring-your-own-device, with employees using their personal devices for work. That presents a new calculus of worry, given that employees still constitute the weakest link in any defense.9 Cybercriminals have taken due notice, with malicious code writers embedding malware into legitimate mobile applications.10 Elsewhere, cybercriminals are targeting poorly secured Wi-Fi hotspots that aren’t under the control of network administrators. They steal passwords or erect rogue Wi-Fi access points that mimic the characteristics of trusted networks to dupe mobile users into connecting to their access points. The Cloud The cloud has moved beyond the early-adopter phase, with more than 90% of organizations now using some form of cloud computing in their operations. The shift is particularly noticeable among large enterprises that were slower to embrace the cloud. As the cloud handles more of our data, it also presents a more visible target for cyberattackers. As information gets dispersed in hybrid environments that combine public clouds, private clouds, and on-premises systems, intruders are probing for vulnerabilities, using many of the same techniques they have employed successfully elsewhere to break into corporate networks. Attackers regularly test cloud security with exploits such as SQL injection flaws and spear-phishing campaigns, trying to take advantage of poor user security practices as well as network misconfigurations that result in badly designed APIs and interfaces.
  • 3.
    A more recentwrinkle in cloud-related security stems from the practice of many departments of procuring hardware and software without explicit organizational approval. The popularity of “shadow IT” presents a formidable security challenge to CISOs and CIOs, who find out only after the fact—and only if they’re lucky- when new systems and solutions are being added. The risk is that attackers will exploit unauthorized products that have weak security controls to penetrate the corporate cloud. SCOPE OF THE CURRENT THREAT ENVIRONMENT: The volume and types of cyberattacks have increased in scope and complexity, to the point where Internet crime has become a veritable growth industry.12 Security executives responsible for protecting their organization’s data must now defend against a constel- lation of threats that include malware, ransomware, advanced persistent threats, theft of proprietary information, and insiders seeking to steal the organization’s digital crown jewels via unauthorized access to corporate data. Threats and motivations: A. Cybercriminals and organized crime: Sophisticated criminals—domestic and foreign—have been attracted to cyberspace because that’s where the money is. Businesses nowadays face regular attacks by sophisti- cated criminal organizations that operate with the professionalism, discipline, and structure of legitimate enterprises.13 Indeed, the sale of stolen intellectual property and other information on the black market constitutes a big and growing business. Economists estimate the annual cost of cyberattacks to the world economy at around $445 billion, or almost 1% of global income.14 B. Nation-states: Proxies operating at the behest of nation-states are targeting enterprises as part of their sponsors’ information-gathering and espionage activities.15 The attackers’ goals range from stealing intellectual property to disrupting a company’s com- puter networks to make political points, such as in the attack against Sony in 2014.16 C. Hacktivists: Unlike the pranks and practical jokes that characterized the early years of hacktivism, the current generation of individuals or groups practicing hacktivism can inflict serious damage on their targets. The inspiration behind the attacks is random, although the intent is often to make a political or moral point- witness the hack last year of the Ashley Madison website, which revealed personal user data identifying millions of would-be spousal cheaters. Hacktivists have also grown increasingly sophisticated. Case in point: a series of distributed denial-of-service attacks targeting banks around the world this past spring, which also marked the reappearance of the hacktivist group Anonymous.17 D. Malicious insiders: Both the FBI and the Depart- ment of Homeland Security warn that malicious insiders now pose a significant risk to business networks and their information.18 Indeed, insider crimes can be costlier or more damaging than outsider threats.19 Motivated by revenge, politics, or financial gain, insiders may include employees, contractors, or vendors who have intimate knowledge of an organization and its systems—as well as the whereabouts of its most valuable information. 97% of execs expect a rise in data breach attempts in the next 12 months. 99% of execs plan to invest more in security in the next 12 months than they did in 2015.
  • 4.
    Security Is NowEveryone’s Responsibility It wasn’t long ago that cybersecurity was the exclusive purview of the IT department. No longer. The main- streaming of cybercrime tools and techniques puts new responsibilities on the entire enterprise to implement best practices.20 That means it’s now up to CIOs and CISOs to manage the security of their digital assets with strategies that meet the enterprise’s overall business objectives while also promoting security as a shared corporate social responsibility. Forrester Research frames data security as a corporate social responsibility. Clearly, data security and privacy protection now rank as core business concerns and go to the heart of what it means to be a trusted brand rather than simply an organization that meets basic compliance obligations. Competitive impact: When discussing strategic objectives, organizations need to include security and customer data protection as chief priorities. Data breaches and regulatory audits following a compromise can affect a company’s reputation as well as its competi- tive ranking when customers, uneasy about a company’s ability to protect personal data, vote with their feet.21 Current Tools, Processes, and Teams Still Fall Short Against a backdrop of rising attacks, the tools, processes, and teams tasked with protecting organiza- tions aren’t keeping up with the challenges. FAILURE TO FIX KNOWN ISSUES New vulnerabilities emerge literally each day, but organizations still lag in their patch implementation response times, according to the “Cisco 2016 Midyear Cybersecurity Report.” About half of all exploits now take place between 10 and 100 days after the vulnerabil- ity is published, with the median number estimated to be around 30 days, says the “Verizon 2016 Data Breach Investigations Report.” The failure to patch known vulnerabilities in a timely fashion—it takes an average of 193 days a patch to be installed that will fix known vulnerabilities—allows intruders to exploit the path of least resistance and attack unpatched vulnerabilities. Unfortunately, different priorities have led to poor synchronization between Security and Operations, preventing agreement on which systems they ought to fix first.22 ZOMBIES OPEN DOORS TO HACKERS By one estimate, there are as many as 10 million servers around the world that do little but consume electricity.23 These so-called zombie servers aren’t just wasting billions of dollars in energy costs; left unattended or not kept up-to-date with the latest patches, they also offer backdoor entry points through which intruders can access company networks. For example, when cyber- criminals hacked into J.P. Morgan in 2015 and stole information on more than 80 million account holders, they got in by exploiting a no updated server.24 Among enterprises, 50% experience outages and poor performance in IT systems due to poorly applied security patches, further underscoring the poor collabo- ration between the security and operations depart- ments. Their inability to prioritize and fix vulnerabilities is responsible for unnecessary downtime as well as lingering security vulnerabilities.25 44% of executives say security breaches occur even when vulnerabilities and their remediation have already been identified 44% of executives say it takes their businesses weeks to fix high-impact vulnerabilities.
  • 5.
    The Big Disconnect Asthey battle external threats, companies are also weighed down by bureaucratic silos that negatively affect integration and coordination between Security and Operations. In fact, some 60% of executives surveyed by BMC and Forbes Insights said that the two groups often have little understanding of the other’s requirements, an organizational obstacle that results in poor collaboration.26 The upshot: system downtime, excessive labor costs, and challenges in meeting regula- tory requirements and staying audit-ready. Although each is essential for the success of any organization, the responsibilities of two key stakehold- ers often have them working at cross-purposes to identify, remediate, and track vulnerabilities easily. Whereas Operations is focused on maintaining the productivity and competitiveness of the enterprise, the security team’s prime directive is to do whatever is possible to keep the organization safe from attack. Even though the security team provides overall security policies and compliance terms, it doesn’t have the authority to implement the steps needed to address the issues across the organizations. Although it may seem to think it is “done” once it has highlighted the problem or opened a ticket, the reality is that the work is really just beginning at that point. The challenge is made that much steeper by the fact that the groups are stuck on opposite sides of what we describe as the SecOps gap, driven by competing priorities and tech tools that don’t mesh. Operations teams are responsible primarily for uptime and stability. But when Operations receives information from its Security counterparts, it frequently lacks the automation or the context needed to take or prioritize action to meet the demands of the business. Logjams result when reports arrive that were composed for use by the security team, not Operations. If a multi- thousand-line report is organized by IP address, Opera- tions can’t do anything with it if that department doesn’t track IP addresses. Even if it is able to read the report, Operations is still left to manually hunt down the common vulnerabilities and exposures (CVEs) or fixes and then manually set them up to deploy. How bad does it get? This manual effort and the lack of coordina- tion lead to huge time losses, and the hackers take advantage. IMPACTS ON THE ORGANIZATION Poor coordination between Security and Operations has ripple effects throughout the rest of the organiza- tion. In the survey by BMC and Forbes Insights, 34% of the responding North American executives and 54% of the European respondents said that it takes weeks to resolve a “high-impact vulnerability” in applications or operating systems once a patch becomes available. In more than one-third of the cases, delays occurred during attempts to prioritize which systems should be addressed first. DISJOINTED EXECUTION Organizations need better visibility to prioritize critical issues so they can confidently protect customers. At first blush, that seems straightforward and unremark- able. But the lack of integration between Security and Operations makes this anything but easy. What may seem like a high priority to security executives may not be viewed that same way by the operations team, where the focus is on uptime and performance. The organizational disconnect also has ramifications in other areas of corporate performance, particularly when it comes to regulatory compliance. The failure to align around a set of common compliance objectives creates blind spots, overlap, and duplicative efforts. Most organizations are forced into a stream of manual processes or tools that aren’t built for the problem. This leaves them frustrated to the point that they just give up because they can’t keep up with the volume, complexity, and scale. on average, to resolve a known vulnerability. It takes 193 days
  • 6.
    Penalties for Failingto Avoid Data Breaches The lack of integration and coordination between Security and Operations leaves enterprises open to security risks, including the theft of IP, financial losses, compromised customer data, damaged reputation, and regulatory sanctions. Federal and state laws governing data privacy exact severe penalties on organizations that fail to implement appropriate data security measures.27 Cybersecurity has become a business issue that now demands active involvement from the top management of an organization. When data breaches occur, the failure to protect the information of the company and its customers can cause CIOs, CISOs, and even CEOs to lose their jobs.28 Repairing the SecOps Gap The absence of integration between Security and Operations comes at the very worst time and has created a veritable SecOps gap that handicaps an organization’s ability to defend itself in today’s elevated security threat environment. Enterprises have a tough enough job identifying, remediating, and tracking vulnerabilities easily. Their task is made unnecessarily harder when there are clashing priorities, tools that fail to mesh well, and too little technology automation. Instead of working at cross-purposes, Security and Operations can merge heretofore disconnected initia- tives into a unified process that fosters close alignment that pays dividends for both teams—from accelerating the process of vulnerability resolution to reducing the costs of remediation. AUTOMATION CAN ADDRESS THE PROBLEM The biggest risks facing companies are the things they don’t know about—and they need to be addressed to reduce the unknown risk of blind spots. Organizations have a limited ability to take action and fix vulnerabilities if they don’t possess scalable processes and contextual- ized information. What’s more, they will be hard- pressed to know whether they are indeed fixing the most important problems if they can’t prioritize risks. There is no shortage of unknowns in this era of digital transformation, stepping up the pressure on both the security and operations teams to understand what is in their environments at any given time. That’s no easy task. Given the myriad of new security and regulatory compliance demands on their IT infrastructure, the job of putting in place controls governing this changing set of policies can prove overwhelming. That’s where enterprises need an automated SecOps solution that offers effective compliance controls, rapid remediation, and blind spot detection. wanted a centralized view into vulnerabilities and remediation actions. of the survey respondents wanted tools for automating corrective actions, and 59% 60% Conclusion Collaborative workflow processes that eliminate friction and misalignments between the security and operations teams sharply lower the risk of data loss and operational downtime. Now, more than ever, enterprises can advance their overall business agenda by closing the SecOps gap and minimizing communications breakdowns that leave organizations vulnerable to cyberattacks. As the industry’s SecOps leader, BMC offers technology solutions that offer security teams visibility into opera- tional plans while providing operations with an action- able view of threat information based on risk level. • Learn how automation can close the SecOps gap. • See BMC BladeLogic Threat Director in action.
  • 7.
    Here is anexcerpt from the Voke Research Solution Snapshot™ report: BMC SecOps Solutions. Market Context Each day security breaches have a profound impact on the way a business interacts with its customers. When the news of a security breach breaks, businesses are immediately thrown into crisis management mode. In many cases, hacker access company systems months before breaches get identified, confirmed, and reported. This problem of delayed acknowledgment of a hacker entering into a system is a costly endeavor. More importantly, and ultimately costlier, it is taking excessive amounts of time to remediate a known vulnerability. The gap between IT security and IT operations widens each time a known vulnerability is not remediated in a timely and business-oriented fashion. Surprisingly, most security vulnerabilities are known and have published patches; however, the patches are not always installed in timely fashion. Attackers know this and will exploit unpatched, known vulnerabilities, to harm your business and brand while threatening the privacy, health, or safety of your customers. Both the IT security and IT operations teams are responsible for protecting the IT infrastructure. But their defined goals for carrying out their respective roles can come into conflict. The IT security team runs scans for vulnerabilities and provides overall security policy, compliance, and governance terms. While the IT security team highlights the issues, the ownership of implementation to address the issues is the responsibility of IT operations. The IT security team may or may not understand the opera- tional impact of these policies, compliance, and govern- ance terms. Meanwhile, the IT infrastructure is dynamically managed by IT operations teams to meet the demands of high availability for productivity against the ever-present risk of failure. IT operations, which constitutes the first line of defense in a security breach, is also the first team responsible for system stability and uptime. Hence the conundrum that IT security and IT opera- tions teams face: How will IT operations know what to do with the recommendations from the IT security team? And how will the IT security team understand the operational impact of what the IT operations team does or does not do? It’s up to CIOs and CISOs to sort this out and eradicate the isolation and contention between the departments. Strong executive leadership can ensure collaboration between IT security and IT operations by leveraging automation to proactively protect the IT infrastructure. Organizations must use processes and technology to unite the IT security and IT operations teams with more focus on collaboration and visibility, while allowing the IT operations team to take a more active role in IT security. But this gets complicated. Opening the ticket is only the beginning of the problem resolution path to remediat- ing security vulnerabilities. While IT security and IT operations teams remain independent of one another, they still must find ways to cooperate. Additional Reading Both the IT security and IT operations teams are responsible for protecting the IT infrastructure. But their defined goals for carrying out their respective roles can come into conflict. Strong executive leadership can ensure collaboration between IT security and IT operations by leveraging automation to proactively protect the IT infrastructure.
  • 8.
    IT Complexity IT securityand IT operations usually function in isolated silos. Elements of the gap that exists between the two teams include: • Lack of process integration • Lack of automation to quickly implement recommended patches • Conflicting priorities between the two teams (i.e., governance vs. stability and uptime) • Lack of insight between IT security and IT operations regarding a pipeline of planned patches • Lack of collaboration to make systems more reliable and predictable in order to achieve better business outcomes Poor handoffs between IT security and IT operations on vulnerability information • Lack of understanding between IT security and IT operations on initiatives and requirements of each team Lack of coordinated efforts to create a path to operationalize security While both IT security and IT operations perform discrete functions as they relate to the systems and software, the two teams must no longer work in isola- tion. Each team must retain independence but work towards operationalizing security for the betterment of the business. The call for both teams to work together and eliminate the persistent gap is not an option. It is a necessity. But too often teams are isolated from one another and do not have clear lines of communication with insight into the results of actions conducted by the teams. Because of this isolated approach to overall security, attackers are able to take a path of least resistance and exploit vulnerabilities that have languished for months or years. BMC Rolls Out Modern Solutions Enough businesses have been damaged by security breaches that, in hindsight, were preventable. Enough individuals have been victims of hacks. It is now time for IT security and IT operations to heed the needs of the business and work together to solve the technical problems presented by ongoing security threats and vulnerabilities. Often, hackers have been found to lurk in systems for months or years before an actual attack was identified and made public. These scenarios are the stuff of dreams for nefarious hackers and yet enterprises have a “why bother” attitude of coordinated IT security and believe that an attack is simply a matter of time. Two types of enterprises exist—those that know a security vulnerability has been exploited and those that do not know that a security vulnerability has been exploited. Too frequently IT security becomes a top priority only when an enterprise experiences a damaging security breach. This cycle will continue to play out unless there is a concerted effort by IT security and IT operations to change their behaviors to be more proactive and focus on ensuring secure operations. Two types of enterprises exist—those that know a security vulnerability has been exploited and those that do not know that a security vulnerability has been exploited. It is up to the IT operations teams of every enterprise to know and communicate this status. Unfortunately, in most enterprises today, the classic finger-pointing of IT security and IT operations is a reality. It is safe to say that IT operations does not understand the intricacies of what IT security does, And, IT security does not understand the intricacies of what IT opera- tions does. This is not a fault of one team or the other. It is simply two distinct professional teams with differ- ent roles for achieving the same goal. IT security and IT operations must work more closely together to main- tain secure operations. Enterprise organizations must set a mandate to opera- tionalize security from the C-level to mitigate the business risk of security threats and vulnerabilities. Adopting solutions such as BMC’s BladeLogic Server Automation, BladeLogic Network Automation, and BladeLogic Threat Director will help solve technical
  • 9.
    problems and forma well-coordinated offensive approach to solving ever-present security threats and vulnerabilities. Solutions that are purpose-built for operationalizing security allows more visibility into the role of IT security and IT operations. Hackers are aggressive, intrusive, and invasive unwanted guests. Enterprises must combat the criminal vigorously, actively, and boldly to protect the business. Solutions such as BMC SecOps will help organizations defeat 21st century enemies. Solution Overview BMC’s BladeLogic Server Automation, BladeLogic Network Automation, and BladeLogic Threat Director (released in April 2016) are the company’s product offerings to bring a better approach for IT security and IT operations teams to work together. Joint account- ability between the teams is critical in order to deliver a unified and coordinated security approach for physical or virtual IT infrastructure assets in the traditional data center or in the cloud. Since its founding in 1980, BMC has been a trusted and reliable partner to enterprise IT operations profession- als. BladeLogic Server Automation, BladeLogic Network Automation, and BladeLogic Threat Director work in combination to help enterprise IT teams automatically link security vulnerabilities to identified patches and create the attack plan to deploy countermeasures on demand. Solving this technical problem with a purpose- built solution mitigates the business risk associated with security threats and vulnerabilities. BMC positions the combined offering of BladeLogic Server Automation, BladeLogic Network Automation, and BladeLogic Threat Director as “vigilant, precise, and relentless automation in pursuit of security for the digital era”. Here are highlights of how the products work together to achieve a unified attack on security threats and vulnerabilities. 1. Compliance Digital initiatives are forcing enterprises to conduct business in new ways and consequently exposing enterprises to new and unique security and risk challenges. These new ways of conducting business bring the need for advanced security and regulatory compliance protection and enforcement. Failure to adequately enforce and protect these complex regulatory standards results in damaging business consequences. BMC products work in concert to achieve an “audit- ready” state at all times through vigilant compliance. The “audit-ready” state is critical to protecting data security and privacy and means that time to create reports or prove compliance is reduced, while allowing IT operations professionals to engage in more meaning- ful work. 2. Precise Threat Analysis Getting the right information to the right people at the right time about a security threat or vulnerability is critical in avoiding security incidents. Precision in gathering the correct information means that the business is protected because threats are prioritized and attack plans are based on needs and parameters of the business. BMC products work together to deliver precise threat analysis to: Identify and target the most vulnerable systems Isolate what to remediate and how to remedi- ate it Provide current and up-to-date status for the entire environment This means that both IT security and IT operations teams have the same information to work with to address threats and close the window of risk. 3. Remediation The biggest and most intellectually challenging problem IT operations professionals deal with is how to keep everything running at an acceptable performance level while reducing the attack surface. IT operations professionals live in a dual state—a proac- tive state of maintaining productivity of systems and a reactive state of patching and fixing when a security vulnerability is identified. IT operations professionals must be able to be proactive in both states. That means that the resolution of security threats and vulnerabilities must be accelerated while protecting uptime. BMC has an offering they describe as “vigilant, precise, and relentless automation in the pursuit of security for the digital era.”
  • 10.
    SECURITY INCIDENTS MUSTBE AVOIDED. BMC PRODUCTS WORK TOGETHER TO: • Provide security hardening (e.g., reducing the attack surface) • Prevent threats from becoming breach entry points • Balance operations requirements of availability and capacity with the needs of security • Understand threat reports from different providers • Optimize maintenance windows • Improve response times The value of the BMC product offerings of BladeLogic Server Automation, BladeLogic Network Automation, and BladeLogic Threat Director is twofold: 1. For IT security, the solutions provide a dashboard with a real-time view into the plans and service level agreements (SLAs) of the IT operations team. 2. For IT operations, the solutions deliver prescriptive and actionable data to address security threats and vulnerabilities based on perceived impact and policy. The solutions deliver the ability to automatically link vulnerabilities to identified patches and create the offensive attack plan to deploy countermeasures on demand and eliminate the gap between IT security and IT operations. Addressing the Gaps Up until now this problem of eliminating the gap between IT security and IT operations has not been addressed. Enterprises use a variety of security tools that are essential to the protection of today’s complex enterprise software, systems, and infrastructure. All of these types of tools are defensive in nature and work incredibly well as a line of defense to detect security threats and vulnerabilities. At some point, the enterprise must be in an offensive position to create an environment that the hacker cannot exploit and does not want to exploit. BMC has figured out how to make it easy to take defen- sive data from vulnerability scans and use it for offensive purposes to automatically remediate security vulnerabili- ties. Because of its history with IT operations, BMC is aware of the struggles faced by IT operations teams that must make business critical decisions about security. This approach is strategic—be inhospitable to hackers by not letting them in at the outset. BMC products are purpose-built for IT security and IT operations teams to deliver an offensive approach through automation by avoiding, remediating, and identifying security threats and vulnerabilities that have the potential to harm the business. The ability of a solution to remediate the security threat or vulnerability is the difference between knowing there is a problem and knowing there is a problem that is solvable. BMC’s BladeLogic Server Automation and BladeLogic Network Automation are able to take vulnerability scan data as input and deliver remediation through automa- tion. Vulnerability scanning is exposing a problem but knowing what to do with that data is solving the problem. Enterprises need to have the problem solved. The enterprise must be in an offensive position … so that the hacker cannot and does not want to exploit. View the Web series: Hacker Hierarchy: BMC and GuidePoint Security Present a Hack and Defend Demo • Hacker Breaches the Perimeter • Hacker goes for Gooey Center • Hacker goes for the Crown Jewels READ THE FULL REPORT Additional Video
  • 11.
    FBI’s James Comeyaccuses China of hacking into every major American company 72% of Black Hat Attendees Expect To Be Hit By ‘Major’ Data Breach Within A Year IT compliance and security: SecOps 2016 Cost of Data Breach Study: Global Analysis Gartner Says By 2020, 60 Percent of Digital Businesses Will Suffer Major Service Failures Due to the Inability of IT Security Teams to Manage Digital Risk Verizon DBIR: Mobile Devices Not A Factor In Real-World Attacks Mobile risk is a real number Most Americans don’t secure their smartphones Employees Are the Weakest Link in Computer Security Check Point Research Reveals Threat of Mobile Malware Persists as Attacks Targeting iOS Devices Increase Cyberattacks move to cloud with increased adoption PwC Study: Biggest Increase in Cyberattacks in Over 10 Years Cybercrime: Much more organized Center for Strategic and International Studies: Cybercrime and espionage costs $445 billion annually McAfee 2016 Threat Predictions What caused the Sony hack Anonymous’ Op Icarus campaign targets banks worldwide Increase in Insider Threat Cases Highlight Significant Risks to Business Networks and Proprietary Information Footnotes PwC’s 2014 U.S. State of Cybercrime Survey Markets for Cybercrime Tools and Stolen Data Target data breach has lingering effect on customer service, reputation scores IT Security and Operations Survey the Game Plan for Closing the SecOps Gap Zombie Servers: They’re Here and Doing Nothing but Burning Energy Neglected Server Provided Entry for JPMorgan Hackers A Game Plan for Closing the SecOps Gap: Coordinate Security and Operations Staffs to Improve Security, Uptime and Compliance IT Security and Operations Survey the Game Plan for Closing the SecOps Gap Data security laws and penalties: Pay IT now or pay out later 14 Security Fails That Cost Executives Their Jobs 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28