Bridging the gap between Cyber-Security and IT Operations

Jul 17, 2018 | Security

In my role as a Solutions Engineer, I have been tasked with demonstrating Tachyon to prospective customers and partners. At the product launch last year, I for one was incredibly excited about what I believed was the most powerful product that 1E has ever developed. It is quite rightly a shift in paradigm when you consider the multi-dimensional capabilities of the product: an exceptional product, with use cases for both Cyber-Security and IT Operations. While the Security teams I am speaking to are impressed with its EDR and threat hunting features, the Ops teams, who have historically depended on policy-based tools, are bowled over by the real-time nature of the product. But that’s when I speak to these teams individually. Most of the time, I have not been able to get a meeting with both teams in the same room.

It didn’t take long for me to realize that there was a serious disconnect between the enterprise security and operations teams. The problem is that, traditionally, the two teams have always been considered entirely separate functions: basically two different departments with completely different goals, different tools, and different organizational structures. These silos have also unintentionally made it difficult, if not impossible, to quickly detect and respond to potential security threats. For instance, a breach is discovered by the security team but the ops team is slow to react, or IT operations might be focused on correcting an application failure that, in reality, is a system hack.

As IT departments grow and take on more responsibility, I see a few enterprises working towards collaboration between the two departments from an organizational standpoint. But what about the tools? The lack of synergy between these two critical groups also exists because the teams have relied on completely different sets of tools. It’s wasteful because you have so many tools providing partial data with gaps, tools that are neither accurate nor scalable, and each team sees only part of the picture.

The good news is, Tachyon can help bridge this gap! The product provides security with the organizational context to investigate in real-time and it enables operations to resolve the remediation crisis. How, you ask?

Security Investigates

Investigation requires complete and accurate data from all endpoints in real time, and an understanding of the purpose of each endpoint to assess business impact. Most organizations have more than a dozen security tools, and a typical incident investigation process includes analysts looking at these tools for relevant security data. Operating in these tool consoles requires multiple browser tabs, credentials for each tool, and an understanding of their interfaces. What’s more, these tools are neither accurate nor scalable.

With Tachyon, you have a Google-like console experience which is similar to sitting in front of all your endpoints. It is so user-friendly that for most use cases you won’t need specialized training to use the console. You can scope interactively, which means you can ask a series of questions, investigate in real time, and get instant answers back without waiting. Accuracy is guaranteed because all responses are live and there is no cached data, which is extremely important if you’re making important decisions. Investigation data from all clients includes a history that provides context such as processes, network connections, software changes, DNS resolutions, and more. This provides you with a record of all activities on a machine. With context built by covering the network to the endpoint, malware objects to full packets, and nodes both on and off premises, Security can ensure that there aren’t any blind spots when responding to an alert.

IT Ops Remediates

Tachyon is a leader when it comes to remediation, with no other tool coming close to it whether you’re looking for scalability or real-time action. The operations team now has the same real-time console experience used for investigation, with customized rights and functionality. They can use the built-in change control or their existing ITSM tooling for approvals in change management. The actions run in real time, so the remediation is immediate. For example, you can stop any process, add a firewall rule, update a certificate, or uninstall software on all endpoints, and you can do this instantly. The remediation capabilities are endless, ranging from undoing small changes on machines to completely rebuilding a machine.

Bringing it all together

Many IT leaders are struggling to find a way to lessen the amount of time between detection and remediation. Tachyon automation can dramatically reduce this timeframe and mitigate potential damage. The way it works is relatively simple, yet highly effective. In a traditional Security Operations Center, when an operator receives an alert, he or she would have to initiate the next steps manually. This could be time-consuming and sometimes error-prone. But when actions are automated through the “scheduling” available in the product, the process is much faster and more convenient. It speeds up response time and minimizes errors with little to no human intervention required.

At 1E, we are redefining what security means to an organization. The aim is to build a strong security posture by facilitating more effective communication between security and operations, so they can quickly and accurately prioritize and remediate threats. Our mission is to fortify enterprises with a strong SecOps solution that transforms disconnected initiatives into a single, unified, secure, and comprehensive process. A solution that accelerates vulnerability resolution, controls the cost of remediation, and mitigates risk.
