Light Dark
February 22, 2017 By David Strom 2 min read
CISO

Too often there is bad blood between the defenders and the fixers of corporate security. Remediation and security teams are often at odds with each other, with different perspectives, tools and ways to operate. Kenna Security laid out the issues and suggested ways for the two sides to bury the virtual hatchet and try to get along better.

Uniting Remediation and Security Teams

Some corporate managers see the security folks as part of the problem, but rarely as part of the solution. The defensive teams are responsible for identifying the risks, vulnerabilities and threats confronting the business, but they aren’t usually responsible for actually addressing those issues. Instead, they are viewed as the human equivalent of a frequent car alarm — always going off when the wind shifts or crying wolf at false red flags that don’t really identify actionable issues.

The defenders need the remediation teams — the individuals who typically don’t have security in their titles but are essential players in security nevertheless. These are the folks who have to clean up after an infection, update Windows after Patch Tuesday revelations, handle router firmware upgrades and perform other chores to keep the infrastructure humming along. They can come from many departments, including application developers, system administrators, DevOps leads and network operations center staffers, just to name a few.

Communication Breakdown

Not helping matters is how the defenders communicate with the remediators. A defender might, for example, send a huge, hundred-plus page report to someone with a note saying, “Fix these things” without even so much as a “please.” In another situation, defenders may run a vulnerability scanner that shows thousands of issues that need fixing. That has to change.

The time has come to put together a mechanism to bring both sides to a common goal. Defenders and remediators must work to understand where the other team is coming from and apply a little empathy to bridge the gap. There has to be agreement on common metrics to measure everyone’s success and a closed feedback loop so the two sides can monitor progress.

Shifting Perspective

For the two teams to collaborate effectively, they need to assess remediation resources and align them so that both defenders and the remediators are covered. For example, instead of listing hundreds of vulnerabilities, security teams should provide prescriptive direction, specifying which patches need to be applied to which servers.

The reality, according to the Kenna Security post, is that “100 percent, foolproof, absolute security isn’t a realistic goal, and if security is focused on that as an objective, they’re only setting everyone up for failure.” It is time to change that perception and perspective.

 |  |  |  |  | 
David Strom
Security Evangelist

More from CISO
October 27, 2023

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature