Exclusive Interview: BMC’s Jon Powers on SecOps and What is Needed to Achieve It
Each month, DLT’s GovIT podcast series explores a different technology, what it is and how it can help public sector organizations achieve their monetization goals and accomplish their missions. Recently, our host, Tom Temin, sat down with BMC Software's Jon Powers for a Q&A about security operations, or SecOps, for the public sector.
Here are some highlights of their discussion.
Q: What is SecOps?
Jon Powers: At a high level, SecOps is how security and operations work tighter. As a matter of best practice, security operations are really two different parts of the IT organization that swim in almost completely different lanes. And there lies the challenge. When we talk about the impact of some of the challenges we have today within SecOps, it’s because they're so different.
Creating awareness around security operations is a big challenge, but necessary.
Q: For the public sector, what are some of the features a SecOps situation or solution would look like?
Jon Powers: There are several features that come into play. Oftentimes, when we talk about security operations or cybersecurity in general, we default to some of the traditional conversations around very reactive approaches to intrusion or threat detection. Whereas SecOps emphasizes proactive security and the ability to identify potential threats and prioritize those threats for remediation. Indeed, full visibility of all your IT assets is a foundational part of any SecOps strategy. Of course, obtaining complete visibility across all network assets while most employees are working from home and using government-provided and personal devices brings its own challenges.
Q: What are some of the benefits that federal agencies can achieve in terms of better security, but also improved compliance and reporting and being able to verify that they're on top of their own IT assets and networks?
Jon Powers: Obvious benefits of SecOps include cost reduction and risk mitigation. When an organization approaches cybersecurity in a reactive manner, huge amounts of resources are allocated to defending the perimeter and remediating issues as they arise. Federal agencies are prime targets, so reducing the overall attack surface is critical. Most attacks target known vulnerabilities; when we talk about the lag between security and operations, this is what organizations are up against.
Q: The term SecOps brings together two words, and they each represent the Security Operations Center on one side and the IT or network operation center on the other side. Does it bring the two organizations closer? And how does it change the jobs and work of the people that are doing all of this?
Jon Powers: It really should bring the two together. We were having conversations with federal chief security officers and they continue to stress the importance of cybersecurity awareness down to every single employee level. These entities must come together because that awareness can’t just exist within the security team. It's got to exist across networks, applications, and the like.
Q: And what about BMC? How do you help agencies get to this SecOps view of operations or this approach?
Jon Powers: BMC’s approach to this is very foundational. We focus on helping agencies identify the extent of their network and attack surface through discovery, blind spot detection, and network and relationship mapping.
We can also help identify the impact analysis of building out a federated configuration management database (CMDB) and other operational initiatives. For servers and networks we apply TrueSight automation – a smart patching enterprise-scale vulnerability management tool. With TrueSight, teams can prioritize vulnerabilities and take automated remediation action. KPI dashboards also provide a single pane of glass view so that teams can make educated decisions.
Q: Any other thoughts on BMC and how you can help government agencies get to this model?
Jon Powers: I know we mentioned this earlier, but SecOps starts, not with technology, but with a culture of awareness. Security and C-suite leaders are realizing that they can’t be in a combative relationship; it must be synergistic.
The other critical point is automation. Throwing more bodies at cybersecurity is not the answer. Neither is doing the same thing repeatedly and expecting a different result. Also, a lot of today’s manual and reactive processes will continue to fail because they don’t scale.
Finally, your choice of tooling is critical. SecOps tools must work together as complementary technologies – as automated as possible. If you've got 30 different technologies sitting out there as part of your security strategy, then it’s going to be tough to manage when you look at managing upgrade risks.