Securing the Digital Enterprise Through Improved SecOps Capabilities
While it has been hard to miss the rapid rise of DevOps, there’s another merging of IT management disciplines that IT service management (ITSM) professionals, and their IT security management counterparts, need to be aware of.
This time it’s SecOps: doing whatever is needed to ensure that organisations are adequately protected against the growing levels of security risk (and threats) and are able to cope with a spectrum of security activities, ranging from handling the increasing volumes of security alerts to responding to security incidents appropriately as and when they occur. The latter is particularly relevant in light of the new General Data Protection Regulation (GDPR) legislation.
The Authenticity of SecOps
Importantly, SecOps is not just a new buzzword riding on the coattails of DevOps. It’s an IT management need that’s recognised by two of the largest, and most influential, global research and advisory firms – Gartner and Forrester. In particular, the corporate needs related to:
- Identifying, prioritising, and responding to security threats faster
- Using fit-for-purpose processes and technology to bring together security incident response, vulnerability response, configuration compliance, and threat intelligence activities (and the involved data)
- Providing end-to-end security protection for the enterprise and the end user.
This blog outlines what SecOps is, how it helps, and what your organisation should be doing.
SecOps has yet to earn its own Wikipedia page and, given that different players have different agendas, there will most likely continue to be a variety of definitions for a while yet. For instance, one school of thought is that SecOps, or DevSecOps, is the coming together of security and DevOps. Another is that it’s the coming together of IT security management and IT operations management (ITOM).
A third definition is that SecOps is short for “security operations” – the ecosystem of people, processes, and technology that needs to be assembled to deal with modern IT security risks, threats, and issues. With this covering IT security capabilities such as:
- Threat intelligence
- Security incident response
- Vulnerability response
- Configuration compliance.
Importantly, security is no longer an isolated island of activity, and information, within the organisation. It works with other business functions to make security everyone’s concern, supported by fit-for-purpose technology that goes beyond discrete security-issue protection and detection activities.
Industry Analyst Firm View of SecOps
Gartner recognises that organisations are struggling to keep up with the growing security threat landscape due to a variety of internal challenges that include:
- A lack of suitable people and skills
- The reliance on manual activities and the issues this brings.
In response, it has defined a new market: Security Orchestration, Automation, and Response (SOAR). A related Gartner paper – “Innovation Insight for Security Orchestration, Automation and Response” (published in November 2017) – is available for download here (registration required).
This recommends that IT security and risk management leaders seek to leverage orchestration and automation in their threat-intelligence management, security-event monitoring, and incident response processes.
And Gartner is not alone in espousing the need for greater IT security orchestration and automation. In Forrester’s “The Top 10 Technology Trends To Watch: 2018 To 2020” (published in October 2017, paywalled content), the third trend relates to automating security intelligence and breach response capabilities. With the prediction that: “By 2019, established security teams with mature processes begin to tie response automation to improved threat intelligence”.
In many ways, it’s a similar scenario to the other use cases for enterprise service management – “The use of ITSM principles and capabilities in other business areas to improve performance and service” – such as in human resources (HR), facilities, and legal departments.
Firstly, there’s the need to address the three internal operational challenges outlined by Gartner (in this case for IT security). Secondly, there are multiple tools and systems of record in play, which make it harder for work to flow between people and tools, and for management to gain visibility into operations and performance (and thus improvement).
The solution to these issues is the use of ITSM best practice outside of ITSM, along with ITSM tool capabilities such as:
- Workflow automation
- Alerts and notifications
- Dashboards and reporting capabilities that leverage a single system of record
- Knowledge management
- Collaborative capabilities
- Self-service portals and mobile apps.
This “back-office digital transformation” is key to optimising organisational capabilities for dealing with current and future IT security challenges and to delivering better business outcomes.
And as with the use of enterprise service management capabilities in HR, say, the new technology is a mix of augmentation and replacement of existing technology capabilities: filling the gaps between disparate systems, supporting more-efficient workflows, providing automation and orchestration to reduce manual effort (and errors), and offering a single system of record that provides greater visibility. All of this leads to greater SecOps capabilities, improved operations, and better business outcomes.
There are also benefits to be realised from the introduction of artificial intelligence (AI) capabilities, with the combination of Big Data and machine learning functionality used to support SecOps, making it easier for security staff to handle the increasing number of security-related alerts. Here, algorithms are employed to automatically cluster and reduce security management alerts (and the associated operational “noise”): related alerts are grouped so that analysts triage fewer, consolidated items rather than every individual firing of the same condition.
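To make the alert-clustering idea concrete, here is a small added example (not code from the original post, and not ServiceNow’s implementation). It uses a simple rule-based approach rather than machine learning: alerts that share the same rule, host and source, and that arrive within a configurable time window of the cluster’s first alert, are collapsed into one consolidated item that carries a count, first/last-seen times and the highest severity observed. The alert records, field names and window size are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# Severity ordering used to keep the worst severity seen in a cluster.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample alert feed (illustrative only, not real telemetry).
# The same SSH brute-force rule fires repeatedly against web01 from one
# source, which is the kind of "noise" clustering is meant to reduce.
SAMPLE_ALERTS = [
    {"ts": "2018-05-01T10:00:05", "rule": "brute-force-ssh", "host": "web01", "src": "198.51.100.7", "severity": "medium"},
    {"ts": "2018-05-01T10:00:09", "rule": "brute-force-ssh", "host": "web01", "src": "198.51.100.7", "severity": "medium"},
    {"ts": "2018-05-01T10:00:31", "rule": "brute-force-ssh", "host": "web01", "src": "198.51.100.7", "severity": "high"},
    {"ts": "2018-05-01T10:02:00", "rule": "malware-detected", "host": "ws-117", "src": "-", "severity": "critical"},
    {"ts": "2018-05-01T10:03:40", "rule": "brute-force-ssh", "host": "web02", "src": "198.51.100.7", "severity": "medium"},
    {"ts": "2018-05-01T10:25:00", "rule": "brute-force-ssh", "host": "web01", "src": "198.51.100.7", "severity": "medium"},
]


def cluster_alerts(alerts, window=timedelta(minutes=10)):
    """Collapse alerts sharing (rule, host, src) within `window` of the
    cluster's first alert into one consolidated record.

    Returns a list of cluster dicts in first-seen order. An alert that matches
    an existing key but falls outside the window opens a new cluster, so a
    long-running condition is still re-surfaced periodically.
    """
    clusters = []
    open_clusters = {}  # (rule, host, src) -> index of the most recent cluster

    for alert in sorted(alerts, key=lambda a: a["ts"]):  # ISO timestamps sort lexically
        ts = datetime.fromisoformat(alert["ts"])
        key = (alert["rule"], alert["host"], alert["src"])
        idx = open_clusters.get(key)

        if idx is not None and ts - clusters[idx]["first_seen"] <= window:
            cluster = clusters[idx]
            cluster["count"] += 1
            cluster["last_seen"] = ts
            # Escalate the cluster to the highest severity seen so far.
            if SEVERITY_RANK[alert["severity"]] > SEVERITY_RANK[cluster["severity"]]:
                cluster["severity"] = alert["severity"]
        else:
            clusters.append({
                "rule": alert["rule"],
                "host": alert["host"],
                "src": alert["src"],
                "count": 1,
                "first_seen": ts,
                "last_seen": ts,
                "severity": alert["severity"],
            })
            open_clusters[key] = len(clusters) - 1

    return clusters


def noise_reduction(alerts, window=timedelta(minutes=10)):
    """Return (raw_alert_count, cluster_count) so the reduction can be reported."""
    return len(alerts), len(cluster_alerts(alerts, window))


def summarize(cluster):
    """One-line, analyst-facing summary of a consolidated cluster."""
    span = cluster["last_seen"] - cluster["first_seen"]
    return (f"[{cluster['severity']}] {cluster['rule']} on {cluster['host']} "
            f"from {cluster['src']}: {cluster['count']} alert(s) over {span}")


if __name__ == "__main__":
    raw, reduced = noise_reduction(SAMPLE_ALERTS)
    print(f"{raw} raw alerts -> {reduced} consolidated items")
    for c in cluster_alerts(SAMPLE_ALERTS):
        print(summarize(c))
```

On the sample feed, six raw alerts become four consolidated items: the three web01 brute-force alerts within the first minute merge (escalated to “high”), while the one at 10:25 falls outside the ten-minute window and is surfaced as a fresh item rather than silently absorbed. In practice the grouping key and window would be tuned per rule, and the consolidated record, not each raw alert, is what would be handed into the incident workflow.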
What Your Organisation Needs to Do
As already mentioned in the definition section above, there are a variety of SecOps definitions out there. Thus, it’s important to understand what your organisation needs, in terms of better business outcomes from IT security activities, and then to seek out new capabilities that will help to deliver against them.
For example, in helping its customers with their security operations needs, ServiceNow natively provides intelligent workflows, automation, and orchestration capabilities. Plus, the ServiceNow platform provides a seamless connection with other corporate IT and business function capabilities and data.
The result being that customers can:
- Connect security operations with other business activities. For instance, easily handing off tasks between security and IT within a single platform that offers end-to-end and cross-functional insights, progress alerts and notifications, and a full audit trail.
- Integrate existing security and vulnerability products with ServiceNow security operations capabilities.
- Increase the speed of response and efficiency. In particular, reducing the time spent on basic tasks through automation and orchestration.
- Gain enterprise-wide insight into their security position. With role-based dashboards and reporting allowing both staff and management to improve decisions and actions and thus results.
Plus, ServiceNow is investing heavily in AI, with customers already seeing significant automation successes thanks to machine learning.
The bottom line is that there’s a better way to protect your organisation – through fit-for-purpose SecOps capabilities.
I will be presenting on SecOps at the Infosec event on Tue 5 June @ 14:00, Wed 6 June @ 14:00, Thu 7 June @ 10:30 on the Computacenter stand T155. Come along and share your thoughts on all things SecOps at one of these times and enter a draw to win some cool tech gadgets.