Higher exposure to digitisation has influenced various organisations to act against the risk of hackers, vulnerabilities, unidentified systems and misconfigurations. BMC Sofware enforces security through its compliance policies and continuous system scans, says Sunil Thakur, Country Director, BMC Software in conversation with Elets News Network (ENN). Excerpts:
Various organisations are reeling under threat of security breaches every single day, what is the best way to address security issues?
In today’s digital world where everything has to be accessible, organisations have to mitigate the risks that hackers, vulnerabilities, unidentified systems and misconfigurations create. It is a complicated process, requiring collaboration between two teams. Security and Operations have limited knowledge of each other’s activities and typically work in isolation.
The lack of integration and coordination between security and operations is leaving the door wide open for attacks and compliance violations. For over a year, we have been talking to our customers about SecOps, which reduces the attack surface and leverages automation to ease the burden of manual processes. It also creates visibility and traceability so everyone is on the same page regarding the specific steps in the security operations workflow.
How does BMC Software help their customers to close the gap between security and operations?
In an organisation, the security and operation’s team has two different roles. The security team is actively trying to defend against hackers, enforce security and compliance policies and continuously scan the environment to identify vulnerabilities. When they identify issues, they send information to the operations team as a high priority item. But the reports that they send don’t have any operational context.
Meanwhile, the operation’s team is ensuring the business is focused on performance, uptime and stability. They are also the unenthusiastic recipients of the aforementioned reports from security. Their lack of enthusiasm is not because they do not care about security but the manual effort required to make sense of the reports can be overwhelming for a team that is most likely already under-resourced.
According to a BMC and Forbes Insights report, 44 percent of executives said data breaches occur even when vulnerabilities and their remediation have been identified. These vulnerabilities remain unpatched because of a gap between Security identifying the threat and Operations issuing a patch, often taking as long as 193 days.
It is these pain points that led BMC Software to develop strategic capabilities that enable customers to eliminate blind spots and automate the process that security and operations teams follow to find and fix issues. We have introduced BladeLogic Threat Director 2.2 which is equipped to address all security related concerns.
What are the solutions that BMC Software offers to remove blind spots and remediate risk?
BMC Software’s solution BladeLogic Threat Director solution enables IT operations and security teams to move from a fractured defensive security approach to a coordinated offensive attack.
Through integration with BMC Discovery, operations teams will be able to identify rogue systems, and identify un-scanned and non-managed assets in their environments. This allows them to set up a plan to automatically bring blind spots under management, and bring them into compliance with policies or remove them from the environment altogether.
BladeLogic Threat Director remains the only automation solution that natively integrates vulnerability data and operationally enriches that data, which accelerates the operations team’s ability to figure out what to do with those multi-thousand line reports for both servers and networks. It builds that bridge for actionable information to flow quickly between security and operations, allowing organisations to set up a strong defense against hackers. BMC aims to fast track security, fixing issues in minutes, not weeks.