The 5 Essentials of Enterprise SecOps

What is SecOps, Anyways?

Before we dive into the 5 essentials of SecOps, let’s briefly lay the foundation.

Some people may ask, “What is SecOps?”

Well, I’m sure you’ve heard of DevOps, so why don’t we start there. I’ll explain how they are similar.

According to Amazon Web Services (AWS):

“DevOps is the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes. This speed enables organizations to better serve their customers and compete more effectively in the market.”

Using this definition as a frame of reference, SecOps would read something like this:

SecOps is the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver security and services at high velocity: evolving and improving an organization’s security posture at a faster pace than organizations using traditional security and infrastructure management processes. This speed enables organizations to better serve their customers and compete more effectively in the market.

For people who truly believe in DevOps, the term doesn’t reflect tools like Puppet, Chef, Jenkins, Docker, etc. These tools simply enable the vision of DevOps, and this notion is also true for SecOps…

1. Security is a Process, not a Product

If you’re familiar with cybersecurity, you probably know Bruce Schneier. His quote, first penned in April 2000, reads, “Security is a process, not a product. Products provide some protection.”

SecOps speaks to Schneier’s mandate that security be a process. The integration of security and operations teams ensures that the philosophy of security is built into every layer of the organization, and the outcome of this is an organization that operates faster and with a greater measure of security.

2. The Bad Guys have the Advantage

Malicious actors possess an asymmetric advantage over cyber defenders, but there are ways to level the playing field. Bad actors take advantage of the fact that most organizations still have a very limited cybersecurity budget. The lack of cybersecurity talent is pervasive, and attackers have the greatest advantage of all, namely time. An attacker can simply wait for a new exploit to be discovered and use it on enterprise systems before you have the time to patch.

By leveraging the ServiceNow SecOps platform, you can enable the type of processes required to implement a successful SecOps strategy, reducing business risk.

3. Learn Common Attack Patterns 

Luckily, many of the attacks that are carried out follow a very similar attack pattern. The tools and exploits may be different, but the underlying pattern is the same. With the right processes in place, you can align your cyber defense team to prioritize the actions that are proven to lead to the most incidents of compromise.

To accomplish this, you need several things:

  • good communication about meaningful data
  • a great process
  • and finally, the right platform that enables both.

Once you’ve developed these core components, you will start to improve your security posture and lower your risk profile. The reality is, most organizations are struggling to achieve this level of maturity, but it can be done! When you achieve this level of maturity, you can start to leverage automation and orchestration to handle known bad issues…

4. Automation Covers your Back

When organizations reach a level of security maturity, they will have processes in place for known bad incidents. In other words, they will have a step-by-step process to handle the 20% of security problems that consume 80% of their time.

Example: an organization has a process to handle a vulnerability on an Internet-facing web server that was discovered by their vulnerability scanning tool. It might look something like this:

If the products used within an organization have a powerful set of APIs, it may be possible to automate this whole process flow, including change control creation, change approval for standard changes, scanning the system, etc. As I mentioned, there’s a large shortage of cybersecurity professionals. Automating the low-hanging fruit by selecting the right platform allows your incident responders to focus on truly critical issues.

So, what is the result of these efforts?

5. Simplify your Compliance Efforts

Compliance has traditionally been a taxing endeavor for businesses, but it can be as simple as running a report. When you have solid processes and your automation tools are doing large portions of the documentation, compliance burdens all but melt away.


If you’d like to hear more about SecOps and how it can enable your business, join our Virtual Briefing on November 7th to discuss how ServiceNow can be used for real-time monitoring of compliance activities and posture, while automating security incident response.



Author: Steven Aiello
Steven is an enterprise architect with a strong client focus. His operations experience spans over 15 years. This translates into an understanding of the daily challenges for IT teams. In addition to traditional data center technologies, he also has a wide range of security and compliance experience.
