With all that's been going on in the world lately, it's been challenging (at best) to stay on top of the patching and compliance management tasks that are crucial to enterprise security. Make no mistake about it: while everyone is simply trying to navigate their way through these challenging times, there are plenty of nefarious individuals out there looking to take advantage of all the chaos for their own personal gain. For instance, have you heard of the latest Microsoft Windows vulnerability called Zerologon? No? Well, it's a scary one! Basically, anyone with access to your network can obtain the password to your domain controller! So the question becomes: are you patching fast enough to keep your organization protected against new threats?
While this seems like an easy question to answer, oftentimes the answer depends on the structure of your IT department, your role within the IT organization, and the tools that you use to secure your datacenter. Let's take a look at each of these and see how they can affect your ability to quickly identify and respond to new security threats.
First off, believe it or not, the way that your IT organization is structured may result in slower response times when identifying and remediating security risks based on missing patches. For instance, most corporations have separate security and operations teams that work independently of each other. While this may seem logical, research has shown that having separate teams slows key processes including threat detection, identification, response time, and remediation time.
Think about this for a minute and you'll see it makes some sense. In a fairly typical organization, the security team would generally be the first team to learn about the vulnerability. Since this vulnerability is a missing patch, they would create a service ticket and pass it along to the operations team. The operations team then has to figure out which servers/resources are affected by this missing patch, then go through the process of contacting the resource owners and coming up with a plan and a maintenance window to install the patch. This whole process can be long and drawn out, leaving your datacenter exposed and at risk.
Now let's compound this problem a little bit. The research that I referenced above also shows that - depending on your role within the IT department - you may have a very different viewpoint on how quickly you or your team are responding to new threats.
According to that research, 54% of executives felt that their operations team was proactive and did not wait for direction from the security team to fix security issues; however, only 40% of front-line operations workers felt the same way. Similarly, 84% of executives felt that their operations team was actively running scans for security vulnerabilities, while only 64% of front-line operations workers felt the same. So what does all this mean? Well, there is obviously a disconnect between what executives think is being done and what is actually being done. So now you potentially have a second issue - miscommunication - that is slowing down your ability to respond quickly to security threats. Executives feel that their teams are proactive and prepared for these threats, but that may not be what's really going on!
The third aspect that I mentioned earlier centers around the toolset(s) that you use to secure your datacenter. More and more organizations are requiring that their teams produce a risk state report for executives. This makes a lot of sense, as organizations want to eliminate the miscommunication aspect that I mentioned above and ensure that their datacenter is properly protected. However, producing a risk state report is often a time-consuming task! Because it generally takes so long to produce such a report, the report is almost useless as soon as it's finished.
The Bottom Line
As we've seen here, a multitude of issues can affect your ability to respond quickly to new security threats. The key to responding to threats quickly is to streamline processes, improve communication, and constantly monitor your datacenter for vulnerabilities. Sounds impossible, right? Well, lucky for you, Data Center Automation (DCA) can help you tackle all three of these issues!
With DCA, you can enable your operations team to be more proactive in identifying and remediating security issues, eliminating the need for them to wait for direction from the security team first. DCA's risk and compliance dashboards help keep everyone in the loop--executives can quickly view the risk state of the datacenter, and the operations team can quickly identify, prioritize, and remediate security issues.
Lastly, DCA's dashboards, along with its new reporting features based on the ITOM Reporting Service, reduce the time it takes to produce a risk state report to show to executives. With all of these features and more, DCA helps you patch faster and smarter, helping keep you safe from vulnerabilities such as Zerologon.
Find out more about how DCA can help you by visiting our partner portal pages.