Top 10 tips for effective SOC/NOC collaboration or integration. In 5 years the security operation center and IT operation center will integrate and bring more context to security events and help to search, store, and analyze machine data for operational intelligence
Yes, we are under attack now, your organization is under attack, your personal computer and mobile devices are under attack now. Your data is no longer secure. Your privacy may be breached. Security is a board level discussion now. The Chief Information Security Officer sits at the heart of the response to the growing threat. They have increased budgets now to address the growing threat and to keep the IT organizations safe.

56% OF ORGANIZATIONS HAVE BEEN THE TARGET OF A NATION-STATE CYBER ATTACK – so there is a 50% chance that your organization may be attacked.

97% OF DATA BREACHES COULD HAVE BEEN AVOIDED through simple controls – so IT operations can no longer say security is not their concern.

11% OF TOTAL IT BUDGET IS SPENT ON SECURITY. It was only 4% ten years ago.

Also, in a 2011 Gartner survey of enterprise CIOs, the 5 biggest challenges that enterprises faced in security and risk were:

- Managing risk
- Reduce CAPEX
- Fill security gaps
- Optimize security gaps
- Adapt to changing regulations
The emergence of Enterprise 2.0 with social, mobile, local, and cloud applications within the enterprise has increased IT operational challenges. Other trends such as Bring Your Own Device (BYOD) are adding new dimensions that are challenging for IT Operations due to the diversity of form factors, operating systems, vendors, etc. Your employees are demanding an open platform to collaborate better with your customers and partners. However, your IT operations may not be in a position to support Enterprise 2.0 or BYOD due to security challenges or resource constraints. So, how do you align your business requirements and IT resources, while keeping it secure? If you look at those trends, they challenge the traditional notions of enterprise security. The traditional approach in IT security was to establish strong perimeters around the network and around a company’s computers that could keep bad guys out and let good guys in, then set strict rules about what people allowed access can do. The bad guys are getting better, but as we change our IT environment we’re giving them more surface area from which to launch these attacks. The Data Breach Investigation Report (DBIR) of 2012 conducted by Verizon states that 98% of the data breaches come from external agents. 97% of those breaches were avoidable through simple controls. In all of the breaches studied, 92% of them were reported by third parties. This is an embarrassment to organizations that did not even detect a breach in their internal IT systems. Cyber-threats have become more sophisticated, persistent, low, deep, and unpredictable. New research conducted on behalf of HP showed that the volume and complexity of security threats have continued to escalate. More than 50 percent of CEOs surveyed believed that security breaches within their organizations have increased during the past year alone.
As IT adopts cloud, mobile and other services, assuring the performance and availability of these services becomes increasingly complex. IT operators rely on various techniques such as single consolidated correlation engines, but oftentimes they have disparate monitoring that limits either the breadth or depth of data collection to only machine data from business critical applications. The data collected is typically unstructured and only kept for a short term, and there are no efficient tools to search any events or logs. This short retention of data limits the intelligence in the system, as events that were fixed and annotated a few months ago may no longer be stored for retrieval. From a security perspective, the perimeter of today's enterprise is porous, putting enormous pressure on customers’ risk and compliance systems and leaving IT exposed.
The convergence of IT operations and security operations has been an ongoing effort in most dynamic enterprises. The benefits of this convergence are clear to many organizations that need to optimize resources, lower cost, increase efficiency in both groups, and deliver an open and secure platform for communication and collaboration. Collaboration between SOC and NOC facilitates a deeper understanding of roles, risks, threats, and security vulnerabilities, enabling faster time to resolution through clear communication and a comprehensive view of security health. This collaboration is effective when implemented through industry-leading enterprise tools that integrate and automate key IT operations and security operations functions.
However, the Security and IT Operations groups are traditionally siloed teams with their own tools and information. This presents various challenges when trying to foster collaboration. Oftentimes there is a lack of a single consolidated view that presents security, business and IT operational key performance indicators together. Additionally, there is no unified data nor collaboration to ensure that networks and applications are secure and performing at optimal service levels.
During this webcast we will address these challenges with 10 tips to improve collaboration between Security and IT operations. Sri, if I’m an IT organization looking to start down the path of collaboration, where should I start?
This approach makes a lot of sense but IT and Security organizations have very different views on key IT performance and security data. How can I see everything?
Great! So now I have the ability to collect borderless data from across my IT real estate to be able to see everything. Integrating this into my event correlation engines now gives me the ability to prioritize events based on business impact, end-user impact and now security impact. With this I also have an additional layer of details that complements my IT information, providing me the necessary information to find the root cause of issues faster, assign them to the right people, resolve issues in a timely manner and overall improve my service levels to the business. But IT is complex: I have adaptive virtual networks, new applications that are on-boarding regularly and an infrastructure that is constantly needing updates and changes. How can I roll out new technologies and manage all my services AND not introduce any security risk to the business?
I think I’m starting to see the value of collaborating between security and IT Operations. By sharing information I can deploy a better performing AND secure application; by using an automated secure network management tool, I can reduce outages and risk. And by sharing valuable configuration management information I can make changes without introducing risk and also make sure what I have is secure. However, this sounds like a lot of data. I don’t have the time or resources to spend analyzing and deciphering data, not to mention going to different tools to find the security and performance data. What can I do to easily find and analyze both security and performance data?
Over the years I have had the opportunity to work with several customers that have gone through IT transformations. And what’s common across these transformations is taking a step back to look at the people, process and tools needed to successfully change the way IT does business. The same is true when looking at unifying security and IT operation groups. Look at the tools being used by these groups and determine how you can utilize a tool set that fosters integration and a single view into both security and IT operational data. These tools must also encourage sharing of knowledge with bi-directional information for unified and contextual views into the data that supports both collaboration as well as their own job functions. Finally, the most important aspect is the people. Encourage job rotations, understand the processes of each role and define new processes that encourage collaboration.
Adopting a new culture that encourages collaboration across two organizations that have been traditionally siloed will take time, but the payoffs are worth the investment. Sri will cover how some of our customers have realized the value of unifying Security and IT operations and give you a first step you can take in the journey.