Rethinking Security Operations

As recently as a few years ago, managing security was relatively straightforward, since the business and network environment was relatively static. However, with the emergence of disruptive technologies such as cloud, mobility and potentially the Internet of Things (IoT), the pace of business and network changes has accelerated to the point where security teams now have to deal with a constant state of change in the environment.

With the dearth of experienced security professionals, throwing more people at the problem is not an option. Even if it were, security processes that are mostly manual and labor-intensive will produce more configuration errors as systems become more dynamic. A dynamic, fast-growing environment also creates blind spots that reduce security effectiveness.


It’s Time to Rethink Security Operations

Security managers can evaluate tasks and workflows to identify the ones that most affect a team’s ability to respond quickly to a security event and prevent an attack. These tasks, which could include security architecture planning, threat impact analysis and breach investigation, should be the security team’s priorities. Otherwise the team is consumed by routine work such as patch management, asset inventory, ticketing and issue resolution, and access rights management. These tasks are extremely time-consuming, so an assessment of workflow bottlenecks and process efficiency helps identify which of them can be either automated or delegated.

Granted, security managers might have toyed with automation in the past, with less than stellar results. However, today, there is much better control over the automation of workflows and tasks with the latest generation of security management platforms in the market. These security management platforms provide APIs and policy layers that allow a high level of specificity and control over what a person or system has access to within the security policy. This gives security teams the confidence to integrate with ticketing, network management or cloud orchestration systems knowing that they can limit exactly what that integrated system has access to and is capable of doing. This capability to integrate securely is particularly relevant in cloud and outsourced environments. Security can be embedded into cloud orchestration platforms to automatically secure virtual machines as they are provisioned. On the flip side, if a virtual machine is infected, it can be quarantined immediately.

In outsourced environments where some aspect of security is managed by a service provider, in-house security teams can now define exactly which sections of the policy or which security management tasks that service provider has access to, and no more. For example, if intrusion prevention system (IPS) policy management is outsourced, a web services portal can be set up that gives the service provider access only to the policies related to IPS protections.

Security management platforms that enable security policies to be segmented and that provide granular policy delegation make it easy to delegate administrative rights to business unit owners for routine tasks. For example, the Help Desk team can be empowered to add users, hosts and applications to be secured. Taken a step further, a direct integration of the security management platform with the ticketing system would streamline this process. This ability to delegate routine tasks to non-security teams or security partners will free up the security team to focus on tasks that require more security expertise. Security would then become an enabler, and not an inhibitor, of business innovation.
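The scoped delegation described in the three paragraphs above, as an added example that is not from this post or from any Check Point product: a deny-by-default check in which each delegate (help desk, outsourced IPS provider, cloud orchestrator) may act only on the policy sections and actions it was granted, and every decision is written to an audit log. The role, section and action names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Grant:
    """Policy sections and actions a delegate is allowed to use."""
    sections: frozenset
    actions: frozenset


# Constructed delegation table for three of the delegates the post mentions.
# Role, section and action names are hypothetical, not any vendor's API.
DELEGATIONS = {
    # Help desk: may create objects to be secured, nothing else.
    "helpdesk": Grant(frozenset({"objects"}),
                      frozenset({"add_user", "add_host", "add_application"})),
    # Outsourced IPS provider: sees and edits only the IPS protections.
    "ips_provider": Grant(frozenset({"ips"}), frozenset({"view", "update"})),
    # Cloud orchestrator: registers new VMs and quarantines infected ones.
    "cloud_orchestrator": Grant(frozenset({"objects", "access"}),
                                frozenset({"add_host", "quarantine"})),
}


@dataclass
class AuditLog:
    """Every decision, allowed or denied, is recorded for later review."""
    events: list = field(default_factory=list)


def authorize(delegate, section, action, audit=None):
    """Deny-by-default check: an unknown delegate, a section outside the
    grant, or an action outside the grant is refused."""
    grant = DELEGATIONS.get(delegate)
    allowed = (grant is not None and section in grant.sections
               and action in grant.actions)
    if audit is not None:
        audit.events.append((delegate, section, action,
                             "allow" if allowed else "deny"))
    return allowed


def handle_requests(requests, audit):
    """Process (delegate, section, action) tuples, e.g. arriving from a
    ticketing integration, and return only those that were permitted."""
    return [req for req in requests if authorize(*req, audit=audit)]
```

A request such as `("helpdesk", "ips", "update")` is refused and logged as a denial, while `("cloud_orchestrator", "access", "quarantine")` is permitted; the audit entries give the security team the record of what each integrated system attempted.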

When mapping out the tasks that could be automated or delegated for the greatest effect on your security team, it is also a good time to evaluate whether the security systems currently in your infrastructure can support your future automation and security operationalization needs.



Jane Goh has worked in IT security product management for more than 10 years. Before joining Check Point, Jane held senior positions at various Silicon Valley startups and security industry leaders, including Imperva, Coverity and VeriSign. Jane currently manages the Security Management product line at Check Point. Jane has a B.Sc. from UC Irvine and an M.A. from UCLA.