Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Changing the approach to security automation and cooperation

Michael Santarcangelo | March 23, 2016
Sean Convery shares his experience and insights on how security leaders can improve security automation, coordination with other teams, and boost their posture

gears cylinder

How effective is your understanding of what assets have? What about knowing where each asset is? Or who is responsible for handling the asset when you need to handle an incident?

How can you properly protect the company if you don't know what (and where) to focus on?

Most consider knowledge of company assets - including location, ownership, and custodian(s) - an essential first step of security. Otherwise, how do you know what you're protecting. Without that, what are you automating?

I recently talked with Sean Convery (LinkedIn), VP and GM, ServiceNowSecurity Business Unit. Responsible for delivering solutions to key information security challenges, Sean is focused on helping enterprise organizations maximize the effectiveness of security teams while improving and understanding their security posture.

Two things stood out to me during the conversation: Sean has a lot of useful insights that benefit security leaders, and ServiceNow is expanding to address security issues. This captured my attention because it likely signals an easy win for security leaders in organizations that already use ServiceNow.  

Here are the five questions Sean and I discussed.

How does an expertise in workflow and process automation benefit security teams?

By bringing order to the chaos. Security teams typically use emails, spreadsheets, phone calls and other manual processes to receive and analyze a steady stream of alerts from siloed security systems. More than 90 percent of the IT and security professionals Enterprise Strategy Group (ESG) recently surveyed confirmed they rely these on manual processes, even though they realize doing so limits their incident response effectiveness and efficiency levels. 

ESG also found that this reliance on manual tasks likely aggravates the divide between the IT and Security teams. The two groups are often disconnected and their goals unaligned. Fixing most security incidents or threats requires more effective collaboration between these teams. Buying more software to detect potential threats cannot adequately address these issues.

Replacing manual processes with automated workflows and systems management capabilities provides IT and security professionals with a single platform for responding to security incidents and vulnerabilities. An organization can significantly reduce the time it takes to identify and contain incidents and vulnerabilities, and reduce overall risk.

Let's talk about assets. We have to know what we have in order to protect it. What have you learned about discovering and mapping assets in a way that benefits security?

The hybrid IT infrastructure has become the norm as enterprises continue to migrate apps and information stores to public and private clouds, yet keep some systems in the data center. The network has become so complex and difficult to manage and secure, and that makes it easier for attackers to slip in unnoticed. According to the Ponemon Institute, it takes enterprises an average of 206 days to spot a breach and an average of 69 days to contain it.

 

1  2  3  Next Page 

Sign up for Computerworld eNewsletters.