Speaking of nightmares… ever tried to implement a tool without a process? Does that sound crazy to you? If it doesn’t, you are not alone. Thousands of companies try to implement management platforms and other tool solutions without properly discovering, defining, and maturing processes that are designed to direct and streamline their organization. Usually tools are acquired to improve a process. Without a process for the tool to act on, all you could be doing is adding another layer of confusion to an already chaotic situation.
Imagine you are tasked with making wine from scratch. You could take all your ingredients of grapes, grapes, and more grapes and throw them into a vat and stomp all over them. Pour it out and serve? Is that even right? Sure doesn’t taste like the wine you tasted in Napa Valley last summer, does it?
Focusing on the tools and neglecting the process will leave with you poor results... and nasty toe flavored “wine”. When it comes to security having a streamlined, efficient, and clear cut process can be the difference between success and failure when preventing or stopping cyber attacks.
Many organizations treat IT and Security as separate entities. Security groups are islands, siloed from IT, and there are typically many silos within silos within Security as well. (For example, the intrusion detection people vs the vulnerability managers, or the IT operators vs the developers…you get the idea). The strong divide between the organizations result in poor coordination of activities, an incomplete closed loop process, and “throwing over the wall” of responsibilities and blame.
Organization and Process are elements that are fundamental to an organizations ability to execute security tasks and respond effectively to security events. Once these elements are in place, automated tools provide speed and efficiency.
Here are a few ways to get started on improving your organization’s Security:
1. Organization Improvements
Tool automation, asset discovery and administration, a common operational picture, and even automated remediation are now available in a plethora of new unified security tool offerings. That’s great, but trying to leverage data and resources across disparate siloes without breaking down the walls between them will leave you with the same fragmented result you started with-just in a shiny new tool.
How can you benefit from compartmentalized security data and leverage automation across the whole organization?
First: Tear down the walls between the security groups
To leverage all security resources, you must unify your data. To do so, security groups that create and maintain the security data must also be united. Emphasis should be placed on the fact that offensive and defensive security operations have the same goal in mind: to prevent and defend against any security event that impacts secure and continuous business operations.
Second: Tear down the walls between the Security and IT
IT and Security often step on each other’s toes, as both organizations are responsible for managing changes that impact IT assets. Like tools and processes, Security and IT must be integrated and interlocked. Tools available today allow IT and Security to share awareness of changes in the organization that affect each other, and provide a collaborative environment for managing changes in each area without conflict, resulting in improvements in the organization – the latest solutions securely delivered.
2. Process Improvements
Most companies are still maturing their global security operations in light of rapidly growing numbers of cyber threats and attacks. New tool offerings, such as ServiceNow Security Operations, can help tailor operational processes. By committing to process continual improvement, organizational efficiencies can be identified to maximize organizational effectiveness.
As stated in our first Security blog, the extensive administrative processes that facilitate vulnerability management can also impede it. Being able to streamline these administrative processes can allow highly skilled security teams to focus on maintaining the security posture instead of being distracted by the administrative behind it all.
Why reinvent the wheel? Engage industry process experts to assist you in evaluating your current state and leverage best practices and a solid proven framework to improve your existing processes. The end result will be a tailored process that best suits your organization. Security (like other dynamic industries) requires a process, but a very unique process tailored to the defensive strategy of the organization. A well-defined process will include methods of escalation/resolution between the two organizations so that IT and Security Incidents, Problems and Changes can be linked seamlessly when needed. This process also allows for close loop accountability for both organizations to initiate and close out security incidents and vulnerabilities quickly.
3. Automated Notifications
Whether it is notifying other security teams or notifying other organizations, security changes impact everyone. A well-defined notification process provides clear visibility to all stakeholders which helps avoid business critical issues due to lack of communication. A well-defined communications plan provides assistance with short-term and long-term planning efforts and ensures security is always involved.
Process advisors can assist with identifying organizational stakeholders to ensure true accountability and ownership at the right levels of the organization. Notifications don’t work when the wrong information is sent to the wrong people. With a defined organizational framework in place, augmenting communications with automated notifications will provide visibility of changes across the organization, ensure owner accountability and traceability, and promote proper closure of incidents and changes.
Speed is key in security incident response and vulnerability management. Automated notifications can significantly reduce lag in the communication and shorten the triage process. Getting the right information to the right people faster can be the difference between a preventing a breach and living through a nightmare.
4. Asset Discovery and Risk Assessments
If your organization doesn’t have a comprehensive configuration management database (CMDB), security operations may be blind to many vulnerabilities and their impact to company assets, placing the organization at risk. If the organization does not know what assets are impacted, risk cannot be assessed. A comprehensive and accurate CMDB will provide status of all assets to IT and security, facilitating prioritization of tasks, management of changes, and awareness of the impact of new technologies on existing solutions. Knowledgeable advisors can assist in the process of building a comprehensive CMDB.
5. Automated Remediation
Unified tools and automation are familiar buzzwords, but they are only techno-speak if they are not applied correctly. Tools, in coordination with a CMDB, can trigger automated workflows for incident response and vulnerability management, compiling relevant data into information delivered to the right stakeholder in a timely manner. Unified tools employed process owners can help you design workflows that focus around the who, when, where, and what - empowering the right people, at the right time, with the right information.
6. Common Operational Picture
A single view of your security operations aggregated into a dashboard that provides critical information at-a-glance sounds like a fine wine that has been perfectly aged. The multitude of tools offered as solutions on the market today can be intoxicating. Let industry experts help you determine the appropriate tools to drive strategic decisions for your organization.
These guidelines will help transform your organization’s Security towards a streamlined, efficient, and clear cut process which will minimize future cyber security attacks.
Learn more about how improved processes and integrated automation within your organizational framework can streamline your security operations.