Why converged security matters: The business benefit of integrating security with IT operations


By Gerben Verstraete

 

Gerben Verstraete works in the CTO office of HP Software Professional Services, with a focus on BSM, Security and the transformation of IT operations.

 

Managing security risks in the enterprise takes a coordinated effort. In many organizations I work with, security is isolated from IT management functions and lacks complete insight into services operations. Security is often an afterthought when new IT capabilities are being built and deployed. This can be a huge liability when your trade secrets, customer details, or brand names are at stake.

 

By integrating information from IT operations and security, you can add enriched context to both infrastructure and security operations. Doing so lets you automate the process of pinpointing threats, thwarting harmful intrusions before they can cause significant damage.

 

Siloed departments hinder security efforts

These days everybody knows that you have to put firewalls in place to secure the perimeter. So over the last couple of years, security has shifted to applications, where 84 percent[1] of attacks occur. But the security operations center (SOC) has so many compliance issues to worry about, it barely talks to IT. That means the SOC has no insight into what’s going on in IT operations.

 

And because the SOC doesn’t have visibility into the infrastructure, it’s typically unaware of what the impact of a breach is to the business when a mission-critical application goes down. It sometimes takes weeks or months to pinpoint where the root cause of a problem lies. According to a recent Ponemon Institute cybercrime study sponsored by HP, the average time to resolve a cyber attack was 32 days.  

 

In my work with customers, I’m seeing three main factors that hamper application security:

 

  • Developers don’t start to think about security until they start testing, when it’s too late. They should be thinking about security as they write applications.
  • Security watches only what it’s told to; it can’t monitor what it doesn’t know about.
  • Security is not tied in to operations and other processes such as change management, so its data about the configuration of IT systems is not up to date.

 

The view from IT operations

IT has the end-to-end visibility into the services structure that the SOC lacks, but no one in IT is alarmed if they see a transient little performance spike. IT doesn’t associate the spike with a security breach.

 

But if IT shares data about the anomaly with the SOC, security now has the ability to correlate operations events with some suspicious traffic it sees happening on the outside. The SOC can take immediate action to halt the breach in its tracks.

 

What’s more, correlating information between the SOC and IT operations puts security processing into business context. Events arrive already prioritized, and they tell you immediately which business applications are affected and therefore what the impact to the business will be. You can put resources on the problem right away, instead of tracking it down by talking to a string of people one at a time.

 

Converged security lets you automate threat vigilance

In order to create that communication between IT and security, the SOC needs to deploy converged security. This process enables the SOC to automatically discover three critical aspects of IT operations:

  • What the environment looks like
  • What the environment is made up of
  • What changes are being made

               

By making change management and configuration management systems available to the security information and event management (SIEM) system, IT operations and the SOC can share “defend” data from both systems with each other, giving the SOC the visibility it needs to automate comprehensive security operations.

 

Analytics at the heart of Intelligent Converged Security

While the above tactics are meant to gain quick wins, organizations will have to start correlating and analyzing all data from relevant management systems in real time. This means not only configuration, event, log and metric data, and data from other management systems, but also transaction data, with the ability to baseline what’s “normal.” With that baseline you can detect anomalies and perform predictive failure analysis, complementing your knowledge of what “bad” looks like and enhancing your ability to protect against Advanced Persistent Threats (APT).
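The three ideas above (sharing an operations anomaly with the SOC, enriching it from the configuration and change management systems, and baselining what is "normal") can be shown end to end in a small correlation step. The code below is an added example written for this page; it is not HP's code, not part of any HP product, and every record in it (the CMDB extract, the change record, the latency samples and the flagged connection) is constructed for illustration. The baseline is a simple mean-plus-three-standard-deviations rule, which stands in for whatever statistical model a real platform would use.

```python
"""Added example (not from the original post): join an operations anomaly
with a security event and CMDB context to produce a prioritized alert.
All records below are constructed; host names, services and timestamps
are invented for the illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed CMDB extract: host -> (business service it supports, criticality 1..5)
CMDB = {
    "web-07": ("online-checkout", 5),
    "batch-02": ("nightly-reporting", 2),
}

# Constructed change record: approved work that explains disruption on batch-02
CHANGES = [
    {"host": "batch-02", "start": datetime(2013, 5, 1, 1, 0), "end": datetime(2013, 5, 1, 3, 0)},
]

# Constructed per-host latency samples (ms), one per minute; the last value is a spike
METRICS = {
    "web-07": [(datetime(2013, 5, 1, 2, i), v) for i, v in
               enumerate([120, 118, 125, 122, 119, 121, 123, 120, 117, 410])],
    "batch-02": [(datetime(2013, 5, 1, 2, i), v) for i, v in
                 enumerate([300, 310, 295, 305, 298, 302, 299, 301, 304, 900])],
}

# Constructed security-side events the SOC already sees on its own
SEC_EVENTS = [
    {"host": "web-07", "ts": datetime(2013, 5, 1, 2, 9, 30), "detail": "outbound connection to unlisted destination"},
    {"host": "batch-02", "ts": datetime(2013, 5, 1, 2, 8, 0), "detail": "unexpected process restart"},
]


@dataclass
class Alert:
    host: str
    service: str
    criticality: int
    ops_detail: str
    sec_detail: str
    change_explained: bool  # True when an approved change covers the anomaly time


def baseline_threshold(values, k=3.0):
    """Mean plus k population standard deviations over a window of 'normal' samples."""
    return mean(values) + k * pstdev(values)


def ops_anomalies(metrics, learn=9):
    """Flag samples that exceed a baseline learned from the first `learn` samples of each host."""
    found = []
    for host, series in metrics.items():
        threshold = baseline_threshold([v for _, v in series[:learn]])
        for ts, v in series[learn:]:
            if v > threshold:
                found.append({"host": host, "ts": ts,
                              "detail": f"latency {v}ms exceeds baseline {threshold:.0f}ms"})
    return found


def in_change_window(host, ts, changes):
    """True if an approved change for this host covers the timestamp."""
    return any(c["host"] == host and c["start"] <= ts <= c["end"] for c in changes)


def correlate(metrics, sec_events, cmdb, changes, window=timedelta(minutes=5)):
    """Pair each ops anomaly with security events on the same host within `window`,
    attach business context from the CMDB, and order by business impact.
    Anomalies covered by a change window are kept but ranked last rather than dropped."""
    alerts = []
    for anomaly in ops_anomalies(metrics):
        host, ts = anomaly["host"], anomaly["ts"]
        explained = in_change_window(host, ts, changes)
        for ev in sec_events:
            if ev["host"] == host and abs(ev["ts"] - ts) <= window:
                service, crit = cmdb.get(host, ("unknown", 0))
                alerts.append(Alert(host, service, crit, anomaly["detail"], ev["detail"], explained))
    return sorted(alerts, key=lambda a: (a.change_explained, -a.criticality))


if __name__ == "__main__":
    for a in correlate(METRICS, SEC_EVENTS, CMDB, CHANGES):
        print(a)
```

Run as a script, the checkout host surfaces first: its latency spike coincides with a flagged outbound connection, the CMDB says it carries the highest-criticality service, and no change ticket explains it. The reporting host produced a similar pairing, but an approved change covers that time, so it is ranked last instead of competing for attention. Neither side could have produced that ordering alone: operations sees the spike but not the connection, the SOC sees the connection but not the business service or the change calendar.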

 

With my colleagues in HP Software Professional Services, I help customers integrate their SIEM with the configuration management system, so that security is integrated with IT service management.

For more information about using converged security to improve your business services, view my webinar on how to enhance your cyber security by leveraging real-time operational data.

 

Gerben Verstraete works in the CTO Office with HP Software Professional Services, a role which includes defining implementation strategies for global Fortune 500 customers. Mr. Verstraete is also responsible for the go-to-market services strategies for HP’s Software services & solution portfolio inclusive of Data Center Transformation and in particular the transformation of IT Operations. He regularly leads critical client engagements acting in CIO and VP/IT strategic advisory roles.

 


[1] 2013 Data Breach Investigations Report, Verizon

